The table below lists the ports, protocols, direction of communication, and inter-container communication required for NS1 DDI. The Port column shows the protocol, the direction of communication, and whether the rule is required or optional. In some cases, the Description column provides details about inter-container communication.
Port | Description |
---|---|
DATA CONTAINER | |
TCP/5353 (inbound) | TLS communication from CORE container |
TCP/5454 (inbound) | Data replication (only necessary if data and core containers will be on the same host) |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
CORE CONTAINER | |
TCP/80 (inbound; optional) | HTTP port for API and portal |
TCP/443 (inbound) | HTTPS port for API and portal |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
TCP/5353 (inbound) | TLS communication from DIST, DNS, and DHCP containers |
TCP/5353 (outbound) | TLS communication to DATA container |
XFR CONTAINER | |
UDP/53 & TCP/53 (inbound) | UDP and TCP DNS zone transfer |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
DNS CONTAINER | |
UDP/53 & TCP/53 (inbound) | UDP and TCP for DNS |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
DIST (distribution) CONTAINER | |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
TCP/5353 (inbound) | TLS communication from XFR, DNS, and DHCP containers |
TCP/5353 (outbound) | TLS communication to CORE container |
DHCP CONTAINER | |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
UDP/67 (inbound) | UDP for DHCP broadcast |
TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
MONITOR CONTAINER | |
TCP/3300 (inbound; optional) | HTTPS communication for container configuration portal and API |
TCP/5353 (outbound) | TLS communication to CORE and DIST containers |
random | A random port assignment given to monitors. Because of the port randomization, NS1 recommends that outbound ports not be restricted. |
TCP/7777 (inbound) | Used for stateful communication when high-availability (HA) mode is enabled |
UDP/7777 (inbound & outbound) | Used for heartbeat communication when high-availability (HA) mode is enabled |
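
Added example (not NS1 code): the TCP/5353 rows of the table transcribed into a Python matrix, so that an allowlist can be cross-checked from both ends of each connection and observed flows audited against it. Function names are hypothetical and the flow tuples are constructed sample data.

```python
# TCP/5353 rows transcribed from the table above.
# OUTBOUND[src]: containers that src's "outbound" row says it connects to.
OUTBOUND = {
    "CORE": {"DATA"},
    "XFR": {"CORE", "DIST"},
    "DNS": {"CORE", "DIST"},
    "DIST": {"CORE"},
    "DHCP": {"CORE", "DIST"},
    "MONITOR": {"CORE", "DIST"},
}
# INBOUND[dst]: containers that dst's "inbound" row says it accepts from.
INBOUND = {
    "DATA": {"CORE"},
    "CORE": {"DIST", "DNS", "DHCP"},
    "DIST": {"XFR", "DNS", "DHCP"},
}

def edges_from_outbound():
    return {(s, d) for s, dsts in OUTBOUND.items() for d in dsts}

def edges_from_inbound():
    return {(s, d) for d, srcs in INBOUND.items() for s in srcs}

def allowed_flows():
    """Permit a flow if either end's row documents it."""
    return edges_from_outbound() | edges_from_inbound()

def one_sided():
    """Flows documented on only one end. An allowlist built from the
    inbound rows alone (or the outbound rows alone) would miss these."""
    return sorted(edges_from_outbound() ^ edges_from_inbound())

def audit(flows):
    """Return observed TCP/5353 flows that no row in the table covers."""
    ok = allowed_flows()
    return [f for f in flows
            if f[2:] == ("tcp", 5353) and (f[0], f[1]) not in ok]

# Constructed sample flows: (source, destination, protocol, port).
SAMPLE_FLOWS = [
    ("DNS", "CORE", "tcp", 5353),    # listed on both ends
    ("XFR", "CORE", "tcp", 5353),    # listed only on the XFR outbound row
    ("DNS", "DATA", "tcp", 5353),    # not listed: only CORE talks to DATA
    ("DHCP", "DNS", "tcp", 5353),    # not listed
    ("DNS", "CORE", "udp", 53),      # different port, outside this check
]

if __name__ == "__main__":
    print("documented on one end only:", one_sided())
    print("flows outside the matrix:", audit(SAMPLE_FLOWS))
```
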