Bill Campbell wrote:
On Wed, Jul 23, 2008, Lanny Marcus wrote:
On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
OK, so does anybody have a good firewall rule solution for what we're
supposed to be doing with bind these days? Obviously port 53 is no longer
enough.
On Wed, Jul 23, 2008, Lanny Marcus wrote:
>On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
>> OK, so does anybody have a good firewall rule solution for what we're
>> supposed to be doing with bind these days? Obviously port 53 is no longer
>> enough.
>
>Consider using djbd
On Mon, Jul 21, 2008 at 6:37 AM, John Hinton <[EMAIL PROTECTED]> wrote:
> Johnny Hughes wrote:
>>
>> John Hinton wrote:
>>>
>>> OK, so does anybody have a good firewall rule solution for what we're
>>> supposed to be doing with bind these days? Obviously port 53 is no longer
>>> enough.
>>>
>>
>> h
On Wed, 2008-07-23 at 17:37 -0500, Lanny Marcus wrote:
> On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
> > OK, so does anybody have a good firewall rule solution for what we're
> > supposed to be doing with bind these days? Obviously port 53 is no longer
> > enough.
>
>
On Wed, Jul 23, 2008 at 5:59 PM, Craig White <[EMAIL PROTECTED]> wrote:
> On Wed, 2008-07-23 at 17:37 -0500, Lanny Marcus wrote:
>> On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
>> > OK, so does anybody have a good firewall rule solution for what we're
>> > supposed to be
On Wed, 2008-07-23 at 17:37 -0500, Lanny Marcus wrote:
> On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
> > OK, so does anybody have a good firewall rule solution for what we're
> > supposed to be doing with bind these days? Obviously port 53 is no longer
> > enough.
>
> C
On Sat, Jul 19, 2008 at 2:27 PM, John Hinton <[EMAIL PROTECTED]> wrote:
> OK, so does anybody have a good firewall rule solution for what we're
> supposed to be doing with bind these days? Obviously port 53 is no longer
> enough.
Consider using djbdns instead of BIND. It sounds like an excellent
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Scott Mazur
> Sent: Wednesday, July 23, 2008 12:19 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Bind Firewall Rules
>
>
> On Wed, 23 Jul 2008 12:40:42 -0400, John H
John,
> Maybe I'm just missing something... I have
>
> -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 53 --state NEW -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp -m state --dport 53 --state NEW -j ACCEPT
> -A RH-Firewall-1-INPUT -m sta
On Wed, 23 Jul 2008 12:40:42 -0400, John Hinton wrote
> I'm running caching nameservers on almost all of my systems and then
> also three nameservers. All are available publicly. I too had hard
> coded bind to port 53. I also had specifically opened port 53
> through the firewall. But now, it ap
issue.
John Hinton
P.A > -Original Message-
P.A > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
P.A > Behalf Of John Hinton
P.A > Sent: Wednesday, July 23, 2008 12:41 PM
P.A > To: CentOS mailing list
P.A > Subject: Re: [CentOS] Bind Firewall Rules
P.A >
P.A > na
Paul A wrote:
> Correct me if I'm wrong but from my understanding doesn't the new BIND
> randomize outgoing source ports only? - If so then if you have your firewall
> to allow established connections you should be all set.
That's a good point, just tested it out on my firewall, removed
the port 5
IL PROTECTED] On
P.A > Behalf Of John Hinton
P.A > Sent: Wednesday, July 23, 2008 12:41 PM
P.A > To: CentOS mailing list
P.A > Subject: Re: [CentOS] Bind Firewall Rules
P.A >
P.A > nate wrote:
P.A > > John Hinton wrote:
P.A > >
P.A > >> Do I just ask really
nate wrote:
John Hinton wrote:
Do I just ask really hard questions or are my questions just not clear?
There has to be others on this list that are running nameservers via
CentOS. This seems to be a nasty issue that we who are running bind need
to get right.
And the fix is really stupi
John Hinton wrote:
> Do I just ask really hard questions or are my questions just not clear?
> There has to be others on this list that are running nameservers via
> CentOS. This seems to be a nasty issue that we who are running bind need
> to get right.
And the fix is really stupid for those runn
John Hinton wrote:
Johnny Hughes wrote:
John Hinton wrote:
OK, so does anybody have a good firewall rule solution for what
we're supposed to be doing with bind these days? Obviously port 53
is no longer enough.
how do you mean?
opening port 53 in is still enough ... the outbound port is w
Johnny Hughes wrote:
John Hinton wrote:
OK, so does anybody have a good firewall rule solution for what we're
supposed to be doing with bind these days? Obviously port 53 is no
longer enough.
how do you mean?
opening port 53 in is still enough ... the outbound port is what is
randomized
John Hinton wrote:
OK, so does anybody have a good firewall rule solution for what we're
supposed to be doing with bind these days? Obviously port 53 is no
longer enough.
how do you mean?
opening port 53 in is still enough ... the outbound port is what is
randomized
not sure what kind of
On Sat, 2008-07-19 at 15:27 -0400, John Hinton wrote:
> OK, so does anybody have a good firewall rule solution for what we're
> supposed to be doing with bind these days? Obviously port 53 is no
> longer enough.
are you opening both tcp and udp?
Craig
__
OK, so does anybody have a good firewall rule solution for what we're
supposed to be doing with bind these days? Obviously port 53 is no
longer enough.
TIA
John Hinton
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo