>>Recently I have been receiving several weird netfilter logs complaining >>about denied DNS queries
> Um, how's netfilter telling you this?

This is the basic chain that I have created for DNS. I have tested it and have found it to work perfectly (in my opinion, anyway).

# Domain Name Service
# allow our caching-only nameserver to forward queries to our ISP's
# nameservers and to listen to our local net for internal queries

# Permit incoming and outgoing DNS queries from the localhost
iptables -A DNS -i $LOOPBACK -s $LOCALHOST -j ACCEPT
iptables -A DNS -o $LOOPBACK -d $LOCALHOST -j ACCEPT

# Permit incoming and outgoing DNS queries from our LAN
iptables -A DNS -i $LANIFACE -s $LAN -j ACCEPT
iptables -A DNS -o $LANIFACE -d $LAN -j ACCEPT

# Permit incoming and outgoing datagrams from and to
# our ISP's nameservers
iptables -A DNS -i $EXTIFACE -s $PRINAME -j ACCEPT
iptables -A DNS -i $EXTIFACE -s $SECNAME -j ACCEPT
iptables -A DNS -o $EXTIFACE -d $PRINAME -j ACCEPT
iptables -A DNS -o $EXTIFACE -d $SECNAME -j ACCEPT

# All filtering is done, Log N Drop all other DNS datagrams
iptables -A DNS -j LOGNDROP

The logs that I am receiving look like this, only the IP is usually different from log to log:

Jun 28 15:39:25 NodeFilter kernel: Denied UDP: IN= OUT=eth0 SRC=xxx.xxx.xxx.xxx DST=192.5.5.241 LEN=67 TOS=0x00 PREC=0x00 TTL=32 ID=0 DF PROTO=UDP SPT=53 DPT=53 clear LEN=47

Seems to me that I am receiving a lot of odd-ball DNS queries going out. It could be named querying the master name servers, or maybe I'm just paranoid :-D

>> Where could I find any relative information on running BIND in a chroot
>> jail on Debian?

I actually found a link over at Psionic software: http://www.psionic.com/papers/dns and another over at LinuxDoc.org: http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO.html

I'll be attempting to create a chroot jail for named later on tonight. I'll let you know how it turns out.

Stef
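Added example (not from the thread): a small Python simulation of the DNS chain above, walked rule by rule over the posted log line to show which rule, if any, would have accepted the packet. The interface names, LAN range, ISP nameserver addresses and the unmasked SRC address are constructed placeholders.

```python
import ipaddress
import re

# Constructed stand-ins for the script's variables (assumptions; the real values are not in the post).
LOOPBACK, LOCALHOST = "lo", "127.0.0.1"
LANIFACE, LAN = "eth1", "192.168.1.0/24"
EXTIFACE = "eth0"
PRINAME, SECNAME = "198.51.100.10", "198.51.100.11"   # placeholder ISP nameservers

# The DNS chain from the post, in the order iptables evaluates it:
# (direction, interface, address field to test, permitted address/net, description).
DNS_CHAIN = [
    ("in",  LOOPBACK, "SRC", LOCALHOST, "query from localhost"),
    ("out", LOOPBACK, "DST", LOCALHOST, "reply to localhost"),
    ("in",  LANIFACE, "SRC", LAN,       "query from LAN"),
    ("out", LANIFACE, "DST", LAN,       "reply to LAN"),
    ("in",  EXTIFACE, "SRC", PRINAME,   "datagram from primary ISP nameserver"),
    ("in",  EXTIFACE, "SRC", SECNAME,   "datagram from secondary ISP nameserver"),
    ("out", EXTIFACE, "DST", PRINAME,   "datagram to primary ISP nameserver"),
    ("out", EXTIFACE, "DST", SECNAME,   "datagram to secondary ISP nameserver"),
]

_FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_netfilter_log(line):
    """Collect the KEY=VALUE tokens of a netfilter LOG line (an empty IN= stays '')."""
    fields = {}
    for key, value in _FIELD.findall(line):
        fields.setdefault(key, value)   # keep the IP-header LEN, not the later UDP LEN
    return fields

def _matches(rule, pkt):
    direction, iface, field, allowed, _ = rule
    seen_iface = pkt.get("IN") if direction == "in" else pkt.get("OUT")
    if seen_iface != iface or field not in pkt:
        return False
    return ipaddress.ip_address(pkt[field]) in ipaddress.ip_network(allowed, strict=False)

def dns_chain_verdict(line):
    """Walk the chain; return ('ACCEPT', rule description) or ('LOGNDROP', why it fell through)."""
    pkt = parse_netfilter_log(line)
    for rule in DNS_CHAIN:
        if _matches(rule, pkt):
            return "ACCEPT", rule[4]
    return "LOGNDROP", f"{pkt.get('SRC')}:{pkt.get('SPT')} -> {pkt.get('DST')}:{pkt.get('DPT')} matches no ACCEPT rule"

# Constructed sample: the poster's log line with a placeholder for the masked SRC address.
ROOT_QUERY = ("Jun 28 15:39:25 NodeFilter kernel: Denied UDP: IN= OUT=eth0 SRC=203.0.113.5 "
              "DST=192.5.5.241 LEN=67 TOS=0x00 PREC=0x00 TTL=32 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=47")
ISP_QUERY = ROOT_QUERY.replace("DST=192.5.5.241", "DST=198.51.100.10")

if __name__ == "__main__":
    for sample in (ROOT_QUERY, ISP_QUERY):
        print(dns_chain_verdict(sample))
```

The sample falls through to LOGNDROP because 192.5.5.241 is f.root-servers.net, and a caching nameserver that resolves from its root hints instead of forwarding everything to the ISP's servers sends queries to root and TLD servers the chain never lists. Either configure named to forward only to PRINAME/SECNAME, or accept that outbound queries from the nameserver will go to arbitrary addresses and filter on direction and port rather than on destination address.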

