Hi all.  I'm using Linux and ipchains as a packet filter for my firewall.
I'd like to protect my external DNS server from being used to do
unauthorized zone transfers, as well as unauthorized queries.

I have the firewalls book, but it doesn't really explain what should be
allowed and what shouldn't.  It lists which UDP and TCP ports are used,
but it isn't quite clear to me which I should be permitting and which I
shouldn't.  Perhaps someone has a ipchains script that they use for DNS?

Under what circumstances do I need TCP?  Only for zone transfers?

So far, I have UDP domain to domain for the two secondaries on the
Internet.  I noticed that if I allow UDP >1023 to domain, I allow Internet
hosts to use my nameserver to look up hosts other than in my domain.

I have the xfernets directive specified in my bind configuration, but
isn't there something more I can do with the firewall?

Thanks,
Dave



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
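An added worked example, not taken from the post or from any ipchains script Dave mentions: a small POSIX shell function that emits the ipchains input rules a public authoritative DNS server behind the firewall needs. The interface name `eth0`, the server address `192.0.2.10` and the two secondary addresses `198.51.100.5` and `203.0.113.7` are constructed placeholders (RFC 5737 documentation ranges), and by default the function only prints the commands; set `IPCHAINS=ipchains` to load them for real. The rules accept TCP 53 (zone transfers) only from the secondaries, log and deny other TCP 53, and accept UDP 53 from anywhere, because the firewall cannot tell a query for your own zone from a recursive lookup; that restriction has to live in named's configuration (BIND 8's `allow-recursion`, for example), next to the `xfernets` rule for transfers. Note that TCP 53 is not only used for zone transfers: a resolver whose UDP answer was truncated (over 512 bytes) retries the same query over TCP, so the blanket TCP deny below breaks those lookups.

```shell
#!/bin/sh
# Constructed example values; replace with your own.
EXT_IF=${EXT_IF:-eth0}
DNS_SERVER=${DNS_SERVER:-192.0.2.10}
SECONDARIES=${SECONDARIES:-"198.51.100.5 203.0.113.7"}
# Dry run by default: print the commands instead of loading them.
# Run with IPCHAINS=ipchains to apply the rules.
IPCHAINS=${IPCHAINS:-"echo ipchains"}

dns_rules() {
    # Zone transfers (AXFR) run over TCP 53: accept them only from the
    # listed secondaries. ipchains is stateless, so this one rule covers
    # every packet of the transfer connection, not just the SYN.
    for sec in $SECONDARIES; do
        $IPCHAINS -A input -i "$EXT_IF" -p tcp -s "$sec" -d "$DNS_SERVER" 53 -j ACCEPT
    done

    # Any other TCP packet to port 53 is logged (-l) and dropped.
    # Caveat: this also blocks queries retried over TCP after a truncated
    # (>512 byte) UDP answer; relax it if your zone returns large records.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -d "$DNS_SERVER" 53 -l -j DENY

    # Ordinary queries arrive over UDP 53 from any address. The firewall
    # cannot distinguish a query for our zone from a recursive lookup, so
    # recursion policy belongs in named's configuration, not here.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -d "$DNS_SERVER" 53 -j ACCEPT

    # Answers to queries our own server sends out come back from port 53
    # to an unprivileged source port (BIND 4 queried from port 53, which
    # the rule above already covers).
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0.0.0.0/0 53 -d "$DNS_SERVER" 1024:65535 -j ACCEPT
}

dns_rules
```

Because everything is a positional rule on the `input` chain, run `ipchains -L input -n` afterwards and confirm the per-secondary TCP accepts sit above the TCP deny; a deny inserted earlier in the chain would silently break transfers.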