<quote who="[EMAIL PROTECTED]"> > Ah ok, that's probably part of what I missed. I suppose that > 203.42.34.54 is the IP address you tried to access, right?
no, 203.42.34.54 is the dns host > I wonder - did you keep getting "connection refused" when the server > listened on the TCP port and the only problem was the firewall? I think so... > For security's sake, I'd recommand blocking TCP access to your BIND > from anyone but your designated secondaries. Otherwise you open > this sensitive server for DOS attacks and all sorts of hazards, and they > are not > necessary for anyone else. so, that I'd need to do in ipchains rules, yes ? specifically allow tcp port 53 for each designated slave dns host ? is this how it works ? -A input -s 220.240.54.97 -d 0/0 53 -p tcp -y -j ACCEPT -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
