I have a hidden master server, using dns.he.net to slave to it. However it only accepts default port of 53. Is there a way to use a non standard port?
I'm not sure the reason behind your need, however, I did have a similar need, i.e., I did not want random hosts/scanners connecting to the hidden master.
I resolved that need by configuring the firewall on the hidden master to allow inbound connections only from the HE secondary servers, 216.218.133.2 and 2001:470:600::2. Outbound connections to any IP were already allowed.
That's been working fine for me.
I agree with the above solution. AXFRs should also be restricted at the server's application layer.
A nonstandard port isn't an option by using dns data. To access a SRV record, one must make a DNS query to fetch it - so how is one going to do that to know to use the nonstandard port to get the record to get that info? One can't glue SRV records to a parent zone.
With BIND, the server statement doesn't have a port option. You're on your own as to other software.
Using DANE with DNS, one has to fetch the SRV record (and TLSA records) for "_853._tcp.DNS...." via port 53 unencrypted before using TLS-secured DNS queries. Same problem as above.
Even with all of that, to expect HE to do something nonstandard is dreaming....