>i'd recommend telling your name server to use port 53 as the source
>port for its queries. see http://fwup.org/firewall.policy for details.
>this allows you to maintain a strong ruleset since incoming udp packets
>need only be allowed to port 53. by default, recent name servers use
>ephemeral ports.

This isn't entirely true. Some queries that are larger than a certain size
will require the use of TCP. Beyond that, the only other use of TCP for DNS
is for Zone transfers. Since you aren't running your own domain, this won't
be an issue.

--David

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
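The UDP-to-TCP fallback mentioned in the reply above, as an added example that is not part of the original message: a resolver sees the TC (truncated) bit in a UDP answer and repeats the query over TCP port 53, so a ruleset admitting only UDP port 53 would block that retry. The query name, transaction IDs and responses are constructed samples, and the helper names are hypothetical.

```python
import struct

TC_BIT = 0x0200   # header flag: answer was truncated to fit the UDP payload
QR_BIT = 0x8000   # header flag: message is a response

def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query (one question, recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def make_response(query, truncated):
    """Constructed sample reply: echoes the question, optionally sets TC."""
    flags = 0x8180 | (TC_BIT if truncated else 0)
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR_BIT),
            "tc": bool(flags & TC_BIT), "ancount": an}

def next_transport(query, udp_response):
    """What the resolver does after a UDP reply: done, retry-tcp or drop."""
    q, r = parse_header(query), parse_header(udp_response)
    if not r["qr"] or r["id"] != q["id"]:
        return "drop"        # not a reply to this query
    if r["tc"]:
        return "retry-tcp"   # needs TCP port 53 through the firewall
    return "done"

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    q = build_query("example.com")
    for truncated in (False, True):
        print(truncated, next_transport(q, make_response(q, truncated)))
```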
