On Tue, 24 Oct 2000, Eessa Kamal wrote:

> Hello Everyone,
> 
> Could any one of you please tell me when the DNS Zone transfers (tcp/53) take 
> place? I am administering an ALG firewall and have defined rules for DNS 
> Requests (UDP/53), but no rules are defined for DNS Zone (tcp/53), yet the 
> firewall is working fine. All the names are being resolved accordingly. 
> Under what circumstances do I have to define DNS Zone rules? Who makes 
> these DNS Zone requests? I know it has to be DNS to DNS, but can a machine 
> other than a DNS server make these requests?
> Thanks in advance for your time and efforts.
> 
> Regards
> Eessa

Usually when the master updates the zone, it will notify the slave to get
an update. The slave then does an AXFR query and gets the zone. If you do
not have an internal machine acting as a secondary, you do not need to
allow AXFR. BUT, some resource records have many addresses returned for
doing round robin DNS. For example, americaonline.aol.com can return
numerous A records. You might need to allow TCP 53 as well.

Yes, machines other than DNS servers can do zone transfers. Any unix or nt
machine can request your zone. It depends on whether you allow the transfer.

.truman.


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
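The two situations Truman's reply describes, shown on the wire as an added example (this is not code from the thread or from any DNS implementation). It hand-builds RFC 1035 DNS messages so it runs offline: the hostname from the reply is reused as a constructed example, the 10.0.0.x addresses are made up, and the classic 512-byte UDP payload limit without EDNS0 is assumed. It shows why a large round-robin answer sets the TC flag and forces the resolver to retry over tcp/53, and that an AXFR request is just an ordinary query with QTYPE 252 that any host can send.

```python
"""Worked example: when plain-UDP DNS falls back to TCP, and what an AXFR
request looks like. Added example, not code from the original thread.
Hostname, addresses and the 512-byte UDP limit (no EDNS0) are assumptions."""
import struct

QTYPE_A = 1
QTYPE_AXFR = 252          # zone transfer query type; carried over TCP
UDP_PAYLOAD_LIMIT = 512   # classic DNS-over-UDP limit without EDNS0
FLAG_QR = 0x8000          # response
FLAG_AA = 0x0400          # authoritative answer
FLAG_TC = 0x0200          # truncated: client should retry the query over TCP
FLAG_RD = 0x0100          # recursion desired


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels plus a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Standard query: 12-byte header followed by one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_udp_response(query: bytes, addrs, limit: int = UDP_PAYLOAD_LIMIT) -> bytes:
    """Answer an A query with as many A records as fit in `limit` bytes.

    Mirrors an authoritative server answering a big round-robin RRset over
    UDP: it includes the records that fit and, if any were dropped, sets TC
    so the resolver repeats the same question over TCP/53. Owner names in
    the answer are compressed as a pointer to offset 12 (the question name),
    as real servers do, so each A record costs 16 bytes.
    """
    txid, = struct.unpack("!H", query[:2])
    question = query[12:]
    rrs = [struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, 300, 4)
           + bytes(int(octet) for octet in a.split("."))
           for a in addrs]
    included, size = [], 12 + len(question)
    for rr in rrs:
        if size + len(rr) > limit:
            break
        included.append(rr)
        size += len(rr)
    flags = FLAG_QR | FLAG_AA
    if len(included) < len(rrs):
        flags |= FLAG_TC
    header = struct.pack("!HHHHHH", txid, flags, 1, len(included), 0, 0)
    return header + question + b"".join(included)


def parse_header(msg: bytes) -> dict:
    """Pull the fields a firewall admin cares about out of the DNS header."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "truncated": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an}


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def transports_needed(query: bytes, addrs) -> set:
    """Firewall rules a client needs for this lookup to complete."""
    if parse_header(build_udp_response(query, addrs))["truncated"]:
        return {"udp/53", "tcp/53"}
    return {"udp/53"}


if __name__ == "__main__":
    q = build_query("americaonline.aol.com", QTYPE_A)
    few = ["10.0.0.%d" % i for i in range(1, 6)]     # constructed addresses
    many = ["10.0.0.%d" % i for i in range(1, 41)]
    print("5 A records :", parse_header(build_udp_response(q, few)), transports_needed(q, few))
    print("40 A records:", parse_header(build_udp_response(q, many)), transports_needed(q, many))
    axfr = tcp_frame(build_query("aol.com", QTYPE_AXFR))
    print("AXFR request over TCP, %d bytes: %s" % (len(axfr), axfr.hex()))
```

With five addresses the whole answer fits in one UDP datagram; with forty only 29 fit, TC is set, and a stock resolver immediately re-asks over tcp/53, so a firewall that passes only udp/53 makes that name intermittently unresolvable. The AXFR request is the same 12-byte header and question with QTYPE 252, sent over TCP; nothing about it requires the sender to be a name server, which is why the server-side allow-transfer list (and the firewall rule for inbound tcp/53 to your own authoritative server) is what actually decides who can pull the zone.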
