Alejandro G. Belluscio wrote:
Hello David, Wednesday, February 19, 2003, 11:29:47 AM, you wrote:

David> DNS sometimes also uses TCP on port 53 for large packets, so you
David> probably want to allow that as well.

I don't think so. DNS uses TCP only for zone transfers. But since he'll use djbdns, which specifically DOESN'T support either zone transfers or TCP, there's no point in opening that point of failure.
Don't forget about axfrdns for TCP queries and zone x-fers. He'll be fine.
DS
Besides, the problem of hosting your own DNS is that:

1) You get a listed server, so you're fair game for script kiddies.
2) No software has the security track record of BIND (ok, maybe MS, but let's not get into an MS bashing fest). So it's the number one port for script kiddies to try. Specifically, because they can't know the difference with djbdns.

I have contracted out my DNS. So I forget about that security problem, and since it's so cheap, and given the increase in reading logs that hosting a DNS causes, I think it's actually cheaper. I pay like $4 per year for the domain. Being cheap, let's say that I make that in an hour. Do I save myself more than an hour of DNS maintenance plus security auditing plus the eventuality of the time and expenses of having your machine owned? Yeah! Big time! Think about it. In fact it might be cheaper than buying a new sofa :-)
