unless you are careful and only put information in the zone that you
intend to be public.

David Lang

On Fri, 9 Feb 2001, Ron Ryan wrote:

> Date: Fri, 9 Feb 2001 12:30:15 -0700
> From: Ron Ryan <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: dns security
>
> > First I would filter all ports on the DNS server and only open those
> > necessary. These might include udp/tcp 53 to the world and ssh from select
> > internal hosts. Verify you are always running the latest version of BIND
> > (probably in the 9.x series) or possibly you have switched over to a
> > better solution (djbdns)[1].
>
> I wouldn't recommend allowing tcp 53 unless you absolutely have to and then
> only with a trusted DNS server. TCP is normally used for zone transfers and
> you don't want to give away that information.
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
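As an added example (not part of the original thread): the name server can itself restrict who receives a zone transfer, separately from any packet filter on port 53. This Python script audits a BIND-style `named.conf` for master zones whose `allow-transfer` is open; the sample configuration, zone names and addresses are constructed, and the parser handles only the simple syntax shown.

```python
import re

# Constructed sample named.conf (not from the thread); names and addresses are placeholders.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" {
    type master;
    allow-transfer { 192.0.2.53; };   // only the secondary
};
zone "example.net" { type master; allow-transfer { any; }; };
zone "example.org" { type master; };
zone "example.edu" { type slave; masters { 192.0.2.1; }; };
'''

def block_body(text, start):
    """Text between the first '{' at or after start and its matching '}'."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Entries of the allow-transfer list set in this block, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return m.group(1).replace(";", " ").split() if m else None

def audit(conf):
    """Map each master zone to 'open' or 'restricted' for zone transfers."""
    conf = re.sub(r"//.*|#.*", "", conf)            # strip line comments
    opts = re.search(r"\boptions\s*\{", conf)
    default = transfer_acl(block_body(conf, opts.start())) if opts else None
    result = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_body(conf, z.start())
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue                                 # secondaries are out of scope here
        acl = transfer_acl(body)
        acl = default if acl is None else acl
        # Assumption: no allow-transfer anywhere means anyone may transfer
        # (BIND's historical default); "any" is open by definition.
        result[z.group(1)] = "open" if acl is None or "any" in acl else "restricted"
    return result

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_CONF).items():
        print(f"{zone}: zone transfers {status}")
```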