The table below describes the ports, protocols, direction of communication, and inter-container communication required for NS1 DDI. The Port column shows the protocol and the direction of communication as well as if it is a required or optional rule. The description column will in some cases provide details about inter-container communication.
| DATA CONTAINER |
|
|---|---|
| Port | Description |
| TCP/5353 (inbound) |
TLS communication from CORE container |
| TCP/5454 (inbound) | Data replication (only necessary if data and core containers will be on the same host) |
| CORE CONTAINER | |
| TCP/80 (inbound; optional) | HTTP port for API and portal |
| TCP/443 (inbound) | HTTPS port for API and portal |
| TCP/5353 (inbound) | TLS communication from DIST, DNS, and DHCP containers |
| TCP/5353 (outbound) | TLS communication to DATA container |
| XFR CONTAINER | |
| UDP/53 & TCP/53 (inbound) | UDP and TCP DNS zone transfer |
| TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
| DNS CONTAINER | |
| UDP/53 & TCP/53 (inbound) | UDP and TCP for DNS |
| TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
| TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
| DIST (distribution) CONTAINER | |
| TCP/5353 (inbound) | TLS communication from XFR, DNS, and DHCP containers |
| TCP/5353 (outbound) | TLS communication to CORE container |
| DHCP CONTAINER | |
| UDP/67 (inbound) | UDP for DHCP broadcast |
| TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
| MONITOR CONTAINER | |
| TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
| random | A random port assignment given to monitors. Due to the port randomization, NS1 recommends outbound ports are not restricted. |
| TCP/7777 (inbound) | Used for stateful communication when high-availability (HA) mode is enabled |
| UDP/7777 (inbound & outbound) | Used for heartbeat communication when high-availability (HA) mode is enabled |