[ale] OT: dealing w/comcast

[Jim Popovitch]

Jerry Yu wrote:
> for the DNS quirks, I noticed that Comcast is querying my DNS server 
> with UDP packets (SPORT=53 DPORT=53). My iptables rules for inbound DNS 
> queries is to allow (SPORT=1024:) thus Comcast queries got logged and 
> rejected. What's the benefit to have SPORT at 53?

The benefit is that you won't get so many log errors. :-)   Are you sure 
it's UDP?  DNS zone transfers typically occur over TCP.

-Jim P.