
Are you sure? From https://docs.docker.com/compose/compose-file/:

> Either specify both ports (HOST:CONTAINER), or just the container port (an ephemeral host port is chosen).

It sounds like you get a random publicly accessible port unless you specify a non-publicly accessible IP. I'm not sure whether having a DNS server listening on a non-standard port would be an issue though.




Sorry! I was wrong; you are correct.

But nonetheless, your ingress rules in your cloud provider will not allow anything but that single port, so it's not really a big deal provided you close everything else off in your firewall.

I will make an update to see how I can work around this.


> But nonetheless, your ingress rules in your cloud provider will not allow anything but that single port...

That's all that's required for a DNS amplification attack. :)


That's not true. DNS isn't on 51820. That's WireGuard. You cannot hit the DNS unless you're connected to the WireGuard VPN, provided you're using a cloud provider and you haven't configured any additional ingress rules other than port 51820. That I am positive on.


You're right! I thought we were talking about the Pi-hole port. ><


You can try setting up a VPN and no TCP/UDP is necessary. Pi-hole could be accessed over the local network.


Modified it so that only port 51820 is exposed, preventing any unintentional exposure.
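An added example, not from the thread or the project it discusses: a small audit of Compose short-syntax `ports:` entries that reports anything published beyond loopback other than WireGuard's 51820/udp. The service names, sample entries and function names are constructed for illustration, and it assumes Docker's default publish address of `0.0.0.0`.

```python
import ipaddress

# Constructed sample entries in Compose short syntax (not the project's real file).
SAMPLE_PORTS = {
    "pihole": ["53/udp", "127.0.0.1:8080:80/tcp"],
    "wireguard": ["51820:51820/udp"],
}

def parse_port(spec):
    """Split '[IP:][HOST:]CONTAINER[/PROTO]' into its parts."""
    body, _, proto = spec.partition("/")
    if body.startswith("["):                  # bracketed IPv6 bind address
        ip, _, rest = body[1:].partition("]:")
        parts = [ip] + rest.split(":")
    else:
        parts = body.split(":")
    if len(parts) == 1:                       # CONTAINER only
        ip, host, container = "0.0.0.0", "", parts[0]
    elif len(parts) == 2:                     # HOST:CONTAINER
        ip, host, container = "0.0.0.0", parts[0], parts[1]
    elif len(parts) == 3:                     # IP:HOST:CONTAINER
        ip, host, container = parts
    else:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    # An empty host port means Docker picks an ephemeral one.
    return {"ip": ip, "host": host or "ephemeral",
            "container": container, "proto": proto or "tcp"}

def scope_of(ip):
    """Classify the bind address a published port listens on."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "single-address"

def audit(services, allowed=frozenset({("51820", "udp")})):
    """Return published ports reachable beyond loopback and not allow-listed."""
    findings = []
    for name, specs in services.items():
        for spec in specs:
            p = parse_port(spec)
            scope = scope_of(p["ip"])
            if scope != "loopback" and (p["host"], p["proto"]) not in allowed:
                findings.append((name, spec, scope, p["host"]))
    return findings
```

The container-only entry `53/udp` is the case quoted from the Compose documentation: it is still published, on an ephemeral host port, so it only stays unreachable if the cloud ingress rules block it.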



