Exhaustive list of source ports used by coredns #6193
Replies: 3 comments
-
By default, CoreDNS uses the operating system's ephemeral port range for the source port when forwarding DNS queries. The ephemeral port range is typically defined in the operating system's network configuration. In most cases, this range is between 49152 and 65535.
-
Limiting the source port to a narrow range, or even worse a single port, is not a good idea. Especially when DNSSEC validation is not implemented, port randomization makes it harder to insert bogus responses into the cache. You want it as wide as possible. Isn't source host, destination host and destination port enough information to create a sufficient entry? There is even an RFC on this topic: https://www.rfc-editor.org/rfc/rfc6056
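To see which source ports a given host really hands out, you can sample them and compare against the kernel's configured range. This is an added example, not part of the discussion or of CoreDNS's code; it assumes the forwarder leaves port selection to the kernel as the replies above describe, and the function names `SamplePorts`, `Summarize` and `EntropyBits` are hypothetical.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"os"
	"strings"
)

// SamplePorts binds n UDP sockets to port 0 so the kernel assigns each source
// port from its ephemeral range, and returns the assigned ports.
func SamplePorts(n int) ([]int, error) {
	ports := make([]int, 0, n)
	for i := 0; i < n; i++ {
		c, err := net.ListenUDP("udp4", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
		if err != nil {
			return nil, err
		}
		defer c.Close() // stay open until return so no port is handed out twice
		ports = append(ports, c.LocalAddr().(*net.UDPAddr).Port)
	}
	return ports, nil
}

// Summarize returns the lowest and highest port seen and the distinct count.
func Summarize(ports []int) (lo, hi, distinct int) {
	seen := map[int]bool{}
	lo, hi = 65536, -1
	for _, p := range ports {
		seen[p] = true
		lo, hi = min(lo, p), max(hi, p)
	}
	return lo, hi, len(seen)
}

// EntropyBits is log2 of the size of [lo, hi]: the guessing work the source
// port adds for an off-path spoofer, on top of the 16-bit DNS query ID.
func EntropyBits(lo, hi int) float64 { return math.Log2(float64(hi - lo + 1)) }

func main() {
	// Linux only: the configured range the kernel draws ephemeral ports from.
	if b, err := os.ReadFile("/proc/sys/net/ipv4/ip_local_port_range"); err == nil {
		fmt.Println("configured range:", strings.Join(strings.Fields(string(b)), "-"))
	}
	ports, err := SamplePorts(500)
	if err != nil {
		fmt.Println("sampling failed:", err)
		return
	}
	lo, hi, d := Summarize(ports)
	fmt.Printf("observed %d distinct ports in %d-%d (%.1f bits)\n", d, lo, hi, EntropyBits(lo, hi))
}
```

The observed span is only a lower bound on the configured range; a firewall rule built from it should use the configured values, not the sample.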
-
There is the bind plugin, which might help you to choose a specific source address if you need to differentiate them. That should be safer to use.
-
Hi,
I have coredns behind a firewall and I need to whitelist all ports used by coredns.
I noticed that coredns forwards requests to external DNS via a random source port. Does anybody have some information on the port range used for this source port?
On a schema, it would be like this (xxxx range values):
Thanks in advance!
Rahenda