sgjohnson 3 hours ago

Blocking port 25 is perfectly reasonable.

There are no sane and legitimate reasons for running an SMTP server on a residential connection. Even most server providers will block it unless you give them some very good reasons.

Blocking 53 is just weird though.

myself248 an hour ago

Define "residential connection".

There is no such thing. A connection to the internet should be equal to any other connection to the internet, modulo BGP peering. No one has a right to dictate what services I run or don't run, what protocols I speak or don't speak, what traffic I accept or deny, but *me*. That's the whole point of being on the internet rather than Prodigy or Compuserve or something.

The physical location of that connection is irrelevant. Maybe I feel my servers are safer in a datacenter. Maybe I feel they're safer in my basement. In my case, it is very much the latter, and again, you don't get to make that call. I do.

daneel_w 2 hours ago

I'm not sure you read the OP's comment in full. They are talking about inbound traffic from the Internet. It's certainly a lot more common a case to self-host an MX than running an open DNS resolver or authoritative name server.

B1FIDO an hour ago

You may be surprised to learn that there are many types of botnets out there, and many use DNS queries for the C&C.

Although the GP wrote "53/tcp" that is a weird situation, because most (not all) DNS is over UDP.

One day I suddenly found my DNS resolver logs were very active with veritable gibberish. And it seems that my router had been pwned and joined some sort of nefarious botnet.

I only found this out because I was using NextDNS at the time, and my router's own resolver was pointed there, and NextDNS was keeping meticulous, detailed logs of every query.

So I nipped it in the bud, by determining which device it was, by ruling out other devices, and by replacing the infected demon router with a safe one.

But yeah, if your 53/udp or 25/tcp is open, you can pretty much expect to join a botnet of the DNS or SMTP-spam varieties.
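A defender-side illustration of what the comment above describes (a resolver log suddenly full of gibberish-looking queries from one compromised device): this is an added example, not code from the thread or from NextDNS. It scans constructed resolver log lines in a hypothetical "epoch client qname qtype" format and flags clients that send many high-entropy subdomains under a single zone, the typical shape of DNS-based C&C or tunneling traffic.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log lines in a hypothetical format
# ("<epoch> <client-ip> <qname> <qtype>"); this is not NextDNS's real export format.
# The 192.168.1.1 lines mimic the "veritable gibberish" a compromised router emits
# when DNS queries are abused as a C&C channel. botnet-c2.example is a placeholder zone.
SAMPLE_LOG = """\
1700000001 192.168.1.20 www.example.com A
1700000002 192.168.1.20 mail.example.com MX
1700000003 192.168.1.1 x9k2qv7m3p0z.botnet-c2.example A
1700000004 192.168.1.1 q8w3e2r1t5y6.botnet-c2.example A
1700000005 192.168.1.1 a1b2c3d4e5f6.botnet-c2.example TXT
1700000006 192.168.1.1 z0y9x8w7v6u5.botnet-c2.example A
1700000007 192.168.1.30 static.example.org A
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label; random-looking labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label.lower():
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable_domain(qname: str) -> str:
    """Crude 'last two labels' approximation; production code would use a public-suffix list."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[-2:])

def find_suspicious_clients(log_text: str, min_queries: int = 3, min_entropy: float = 3.0):
    """Return {client_ip: {zone: count}} for clients that sent at least min_queries
    long, high-entropy first labels under one zone (the DNS-C&C / tunneling pattern)."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on a noisy log
        _, client, qname, _ = m.groups()
        first_label = qname.split(".")[0]
        if len(first_label) >= 10 and shannon_entropy(first_label) >= min_entropy:
            hits[client][registrable_domain(qname)] += 1
    return {c: {z: n for z, n in zones.items() if n >= min_queries}
            for c, zones in hits.items()
            if any(n >= min_queries for n in zones.values())}
```

Pointing a flagged client's traffic at a known-good resolver and re-flashing or replacing the device is the remediation the comment above ended up with; the thresholds here are starting points to tune against your own baseline.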

tsss an hour ago

Whether or not I have a sane reason to use port 25 is none of their business.