move dnsdist control socket to port 55

This avoids unnecessary overlap with our ephemeral port range.
2025-07-23 15:00:42 -04:00 · 2025-06-27 13:39:43 -04:00 · 2025-06-27 13:39:43 -04:00 · ac0dc27596
commit ac0dc27596
parent 3b2f6d546c
2 changed files with 2 additions and 2 deletions
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@ -133,7 +133,7 @@ table inet filter {

        skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept

-        skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
+        skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept

        skuid zerotier-one tcp sport 9993 tcp dport >= 1024 notrack accept

--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@ -131,7 +131,7 @@ table inet filter {

        skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept

-        skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
+        skuid dnsdist tcp sport 55 tcp dport >= 1024 notrack accept

        skuid != root counter goto graceful-reject
        notrack accept