From ac0dc2759699bb07ded84f6df03804252eecd36a Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 27 Jun 2025 13:39:43 -0400
Subject: [PATCH] move dnsdist control socket to port 55

This avoids unnecessary overlap with our ephemeral port range.
---
 etc/nftables/nftables-ns1.conf | 2 +-
 etc/nftables/nftables-ns2.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/nftables/nftables-ns1.conf b/etc/nftables/nftables-ns1.conf
index ec956c3..97c6fee 100644
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@@ -133,7 +133,7 @@ table inet filter {
  skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
- skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
+ skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
  skuid zerotier-one tcp sport 9993 tcp dport >= 1024 notrack accept
diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index 14b2e15..c2315ba 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -131,7 +131,7 @@ table inet filter {
  skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
- skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
+ skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept
  skuid != root counter goto graceful-reject notrack accept
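Review bot: The rewritten `skuid dnsdist tcp sport 55` rule only matches if dnsdist really binds tcp/55, and 55 is a privileged port, so the dnsdist service needs CAP_NET_BIND_SERVICE (or a lowered unprivileged-port sysctl) and its controlSocket setting must move to the same port; neither change is in this patch, and in the ns2 hunk the next visible rule sends all non-root traffic to graceful-reject, so a bind failure or a stale dnsdist port would quietly cut off the console. The same point applies to the identical hunk in etc/nftables/nftables-ns2.conf. If an input-side rule still admits the control socket by `tcp dport 5199`, it needs the same update, as does any client configured to reach the console on 5199. A comment on the rule would make the choice greppable later, e.g. `# dnsdist control socket: tcp/55, kept below the ephemeral port range`. Both hunks show fewer than their declared seven context lines, and the enclosing chain starts and ends outside the hunk, so the neighbouring rules cannot be checked here.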