Hi there,

I have two jails with named(8) running on my server.
- The first one (dns_int) is used as a resolver for my local network, and also serves the zone addressing it.
- The second one (dns_ext) is used to serve my zones on the Internet side.

I want to know if the following rules are secure enough and if they can be tightened regarding the DNS protocol and the policy I've set up.

=== 8< === 8< === 8< ===
pass in inet proto { tcp, udp } from $local_net to $dns_int port domain keep state
pass out inet proto { tcp, udp } from $dns_int to any port domain keep state

pass in inet proto { tcp, udp } from any to $dns_ext port domain keep state
pass out inet proto { tcp, udp } from $dns_int to !$local_net port domain keep state
=== 8< === 8< === 8< ===

Thank you.

PS: If you know about problems using the same nameserver for resolving and serving my internal zone, please let me know as well.

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >