Eessa -

Anyone can request a zone transfer by specifying in their DNS querying tool
of choice to do a full zone transfer.  However, this also can be modified on
the DNS server to allow only certain IP addresses to be allowed to pull zone
transfers.  I know companies, such as UUNET, do not restrict anyone that
can query for zone transfers.  However, if you are wanting to limit who can
request a transfer of your zone (such as your secondary DNS provider), then
you would probably want to A) configure this on the DNS server itself, and
B) put a rule to only allow 53/tcp for those specific IP addresses.  As for
requests for specific hosts, it only would need to use 53/udp.

Regards,
Matt

Matthew Reams
System Support Administrator
Intelix, Inc.
http://www.intelixinc.com
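
The following is an added example, not part of the original e-mail: a Python sketch of the server-side check from point A, which reads the query type off the wire and permits a full zone transfer (AXFR, query type 252) only over 53/tcp from a listed secondary. The addresses, the zone name and all function names are constructed for illustration.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_AXFR = 1, 252  # AXFR = request for a full zone transfer
# Assumption: constructed address standing in for your secondary DNS server.
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

def encode_name(name):
    """Encode 'example.com' as DNS labels: length byte + label, ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, msg_id=0x1234):
    """Constructed sample input: a one-question DNS query in wire format."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

def parse_question(msg):
    """Return (qname, qtype) of the first question in a DNS message."""
    if len(msg) < 12 or msg[4:6] == b"\x00\x00":
        raise ValueError("no question section")
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed name in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype

def decide(src_ip, proto, payload):
    """Permit AXFR only over tcp and only from a listed secondary."""
    msg = payload[2:] if proto == "tcp" else payload  # strip TCP length prefix
    _qname, qtype = parse_question(msg)
    if qtype != QTYPE_AXFR:
        return "allow-lookup"
    src = ipaddress.ip_address(src_ip)
    if proto == "tcp" and any(src in net for net in ALLOWED_SECONDARIES):
        return "allow-transfer"
    return "deny-transfer"
```

A firewall rule as in point B sees only the port, protocol and source address, so it cannot tell an AXFR from any other query on 53/tcp; the per-query decision shown here has to live on the name server.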


-----Original Message-----
From: Eessa Kamal [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 11:43 AM
To: [EMAIL PROTECTED]
Subject: DNS Zone transfers


Hello Everyone,

Could any one of you please tell me when the DNS Zone transfers (tcp/53) take
place? I am administrating an ALG firewall and have defined rules for DNS
Requests (UDP/53), but no rules are defined for DNS Zone (tcp/53), yet the
firewall is working fine. All the names are being resolved accordingly.
Under what circumstances do I have to define DNS Zone rules? Who makes
these DNS Zone requests? I know it has to be DNS to DNS, but can a machine
other than a DNS server make these requests?
Thanks in advance for your time and efforts.

Regards
Eessa
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]