If stateful UDP:53 is a problem because of the load you have, you might
want to consider the following setup:

       - Allow all packets to/from port 53 of your ISP's named (without
         keeping state information in the firewall).
       - Set up your ISP's named as a "forwarder".
That's what I'm trying to do. I've studied firewalls for a while, but I'm still very new to running named. The only reason I'm running named at all is because the other machines on my LAN expect my gateway to handle DNS for them. My named isn't meant to be authoritative - just a caching server. The only change I've made to the default named.conf is to replace the loopback address in the "forwarders { }" section with my ISP's DNS.
I've read about options for securing named with checksums, but I don't understand it well enough yet to try it out. I'm also not sure if this configuration is the most efficient. Am I really caching anything, or just always asking my ISP to handle DNS for me?

I've gotten off-topic and I really should rtfm on named now, since it sounds like that's my next biggest security problem.
Thanks again.
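For reference, here is what the forwarder setup suggested above looks like as a minimal named.conf options block. This is an added illustration, not the poster's own configuration; the ISP resolver address 192.0.2.53 and the LAN prefix 192.168.1.0/24 are placeholders, and the comments spell out where caching happens.

```conf
// Added example: caching-only named on a LAN gateway that forwards
// everything to the ISP's resolver.  Addresses below are placeholders.
options {
        directory "/var/named";

        // Only the LAN and the gateway itself may ask this server
        // anything; refusing outside queries keeps the cache from
        // being used as an open resolver.
        allow-query     { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };

        // The ISP's named.  With "forward only" every question this
        // server cannot answer from its own cache goes to this address
        // and nowhere else, so the firewall needs to pass UDP/TCP 53
        // only between the gateway and this one host.
        forwarders { 192.0.2.53; };   // placeholder for the ISP resolver
        forward only;

        // Answers that come back from the forwarder are stored in
        // this server's cache for their TTL and served directly to the
        // LAN on repeat lookups, so the server is still a real cache;
        // the ISP is only consulted on a cache miss.
};

// The root hints zone is not needed with "forward only" because this
// server never contacts the roots itself, but leaving the default
// zone "." entry in place does no harm.
```

"forward first" instead of "forward only" would let named fall back to iterating from the roots when the ISP resolver does not respond, which defeats the stateless single-peer firewall rule described in the quoted setup.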

