Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Author Topic: Non standard ports on DNS Slave  (Read 2235 times)


  • Newbie
  • *
  • Posts: 1
Non standard ports on DNS Slave
« on: May 19, 2020, 04:58:40 PM »

I have a hidden master server, using to slave to it.  However it only accepts default port of 53.  Is there a way to use a non standard port?


  • Newbie
  • *
  • Posts: 39
Re: Non standard ports on DNS Slave
« Reply #1 on: May 20, 2020, 07:21:04 AM »

I'm not sure the reason behind your need, however, I did have a similar need, i.e., I did not want random hosts/scanners connecting to the hidden master.

I resolved that need by configuring the firewall on the hidden master to allow inbound connections only from the HE secondary servers, and 2001:470:600::2.  Outbound connections to any IP were already allowed.

That's been working fine for me.

« Last Edit: May 20, 2020, 07:36:47 AM by passport123 »


  • Hero Member
  • *****
  • Posts: 797
Re: Non standard ports on DNS Slave
« Reply #2 on: May 21, 2020, 10:31:52 AM »

I agree with the above solution.  AXFRs should also be restricted at the serverís application layer.

A nonstandard port isnít an option by using dns data.  To access a SRV record, one must make a DNS query to fetch it - so how is one going to do that to know to use the nonstandard port to get the record to get that info?  One canít glue SRV records to a parent zone.

With BIND, the server statement doesnít have a port option.  Youíre on your own as to other software.

Using DANE with DNS, one has to fetch the SRV record (and TLSA records) for ď_853._tcp.DNS....Ē via port 53 unencrypted before using TLS-secured DNS queries.  Same problem as above.

Even with all of that, to expect HE to do something nonstandard is dreaming....
« Last Edit: May 21, 2020, 10:33:42 AM by snarked »