Check out the Mr. DNS site. You can limit zone xfers within your
named.conf by specifying authorized hosts. You may also want to take a
look at the DNS & Bind book by Cricket Liu(sp?). Check out O'Reilly's 6
Book networking library on CD. These are the best electronic format books I
have ever seen. It fires up a search engine that lets you search across
all 6 books at once (TCP/IP Net Admin., DNS & Bind, Sendmail, Sendmail desktop
ref., Internet Firewalls, and Pract. Inet and Unix security). I had most
of these books already, but these are all the latest rev's and being able
to search across all 6 books at once is priceless. GO ORA!!!

Carric Dooley
COM2:Interactive Media
http://www.com2usa.com

On Sun, 6 Jun 1999, Dave Wreski wrote:
>
> Hi all. I'm using Linux and ipchains as a packet filter for my firewall.
> I'd like to protect my external DNS server from being used to do
> unauthorized zone transfers, as well as unauthorized queries.
>
> I have the firewalls book, but it doesn't really explain what should be
> allowed and what shouldn't. It lists which UDP and TCP ports are used,
> but it isn't quite clear to me which I should be permitting and which I
> shouldn't. Perhaps someone has an ipchains script that they use for DNS?
>
> Under what circumstances do I need TCP? Only for zone transfers?
>
> So far, I have UDP domain to domain for the two secondaries on the
> Internet. I noticed that if I allow UDP >1023 to domain, I allow Internet
> hosts to use my nameserver to look up hosts other than in my domain.
>
> I have the xfernets directive specified in my bind configuration, but
> isn't there something more I can do with the firewall?
>
> Thanks,
> Dave
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
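
Added example, not part of the original messages: a small audit of the named.conf restriction the reply mentions, listing the zones that any host could still transfer. The sample config, zone names and addresses are constructed, and it assumes the older BIND default in which an unset allow-transfer permits transfers from any host.

```python
import re

# Constructed sample named.conf; zone names and addresses are placeholders.
SAMPLE_CONF = '''
acl secondaries { 192.0.2.53; 198.51.100.53; };
options { directory "/var/named"; };   // no global allow-transfer
zone "example.com" { type master; file "db.example.com";
    allow-transfer { secondaries; }; };   # only the listed hosts
zone "example.net" { type master; file "db.example.net"; };
zone "example.org" { type master; file "db.example.org"; allow-transfer { any; }; };
'''

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, start, header, body_start = 0, 0, "", 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            start = i + 1

def transfer_list(body):
    """Return the allow-transfer match list in a block, or None if not set."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_zones(conf):
    """Names of master/slave zones that any host may transfer."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    blocks = list(top_level_blocks(conf))
    inherited = next((transfer_list(b) for h, b in blocks if h == "options"), None)
    found = []
    for header, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if zone and re.search(r"type\s+(master|slave)\s*;", body):
            acl = transfer_list(body)
            acl = inherited if acl is None else acl  # zone setting overrides options
            if acl is None or "any" in acl:          # unset is treated as unrestricted
                found.append(zone.group(1))
    return sorted(found)
```

open_zones(SAMPLE_CONF) reports example.net (nothing set) and example.org (explicit any); nested match lists and braces inside quoted strings are not handled.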