LinuxQuestions.org
Old 08-03-2012, 03:19 PM   #1
XenaneX
Member
 
Registered: Jan 2009
Location: SE USA
Distribution: Mageia 4 formerly PCLOS
Posts: 144
Blog Entries: 5

Rep: Reputation: 19
How to secure port 53


Shields Up! (https://www.grc.com) reports I have port 53 (Domain Name Server) open. I would like to make it invisible to the outside world but don't know how to do this. Can someone help please? Thanks very much.

Last edited by XenaneX; 08-03-2012 at 04:10 PM. Reason: Wanted to put a ? after the subject so readers would realize this was a question being asked.
 
Old 08-03-2012, 05:01 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Why do you have it at all in the first place? What is it? What kind of network are you running publicly? We need useful information to give useful advice.
 
Old 08-03-2012, 05:11 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529
Stealth was a craze people succumbed to in the previous millennium. Today you should focus on proper hardening. If you want to block outside access to UDP/53 and TCP/53 you could:
0) block it in your router if you are behind one and use NAT, or
1) make the resolver listen only on your LAN subnet and block queries from outside it, deny outside hosts to access the service via /etc/hosts.deny (if the resolver was compiled with libwrap) and block it in the host's firewall.
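
A local check to go with option 1 in the post above, as an added example that is not part of the original thread: it reads `ss -H -tuln` output and reports whether each listener on port 53 is bound to every interface, to loopback only, or to one specific address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify port-53 listeners from `ss -H -tuln` output read on stdin.
# Prints "<proto> <address> <scope>", where scope is:
#   wildcard - bound to every interface (0.0.0.0, [::] or *)
#   loopback - reachable only from the machine itself
#   specific - bound to one address, e.g. a LAN address
classify_dns_listeners() {
    awk '
    {
        field = $5                              # Local Address:Port column
        n = split(field, parts, ":")
        port = parts[n]
        if (port != "53") next                  # exact match, so 5353 is skipped
        addr = substr(field, 1, length(field) - length(port) - 1)
        gsub(/\[|\]/, "", addr)                 # [::] becomes ::
        sub(/%.*/, "", addr)                    # drop a %interface suffix
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else scope = "specific"
        print $1, addr, scope
    }'
}

# Number of port-53 listeners bound to every interface. A non-zero count
# means the firewall is the only thing keeping outside queries away.
wildcard_dns_count() {
    classify_dns_listeners | awk '$3 == "wildcard" { n++ } END { print n + 0 }'
}

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
tcp   LISTEN 0      10      192.168.1.10:53        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      10              [::]:53           [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*
EOF
}

# On a live host: ss -H -tuln | classify_dns_listeners
sample_ss_output | classify_dns_listeners
echo "wildcard listeners on port 53: $(sample_ss_output | wildcard_dns_count)"
```

A `specific` or `loopback` result shows the resolver itself is restricted; a `wildcard` result still needs the firewall or router rule to keep outside hosts away.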
 
Old 08-03-2012, 05:36 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
It reads to me that they aren't really aware of what a DNS server is in the first place, and probably want to get rid of whatever it is. May well be wrong though.
 
Old 08-03-2012, 05:44 PM   #5
XenaneX
Member
 
Registered: Jan 2009
Location: SE USA
Distribution: Mageia 4 formerly PCLOS
Posts: 144
Blog Entries: 5

Original Poster
Rep: Reputation: 19
I'm not running any kind of network and internet is via wired ethernet. I have a rather lengthy hosts file and am behind a firewall. Maybe I am worrying too much. Thanks very much for the help and tips. I am very appreciative and hope I didn't waste anyone's time.
 
Old 08-03-2012, 06:21 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529
Quote:
Originally Posted by XenaneX
I'm not running any kind of network and internet is via wired ethernet.
If you don't do router NAT then it could be it picks up your ISP's filtering?..


Quote:
Originally Posted by XenaneX
I have a rather lengthy hosts file and am behind a firewall.
Using /etc/hosts to block ad sites is deprecated. Better methods exist but if you think it is not inefficient, incomplete or easy to circumvent then try answering these questions for yourself.



Quote:
Originally Posted by XenaneX
Maybe I am worrying too much.
No need to "think", "worry" or "guess" because computing is binary with respect to testing conditions: something is enabled or it is not, something is secure or it is not. The easiest way to find out if a port is actually open is to run a remote scan against the machine. If you don't have a remote host to work from then there are enough free on-line services that offer you Nmap scans: http://nmap-online.com/, http://www.securityspace.com/smysecure/basic_index.html, etc, etc.


Quote:
Originally Posted by XenaneX
I am very appreciative and hope I didn't waste anyone's time.
Asking questions is good. Not asking, that's bad.
 
  


All times are GMT -5. The time now is 10:49 AM.
