On Mon, Apr 1, 2013 at 2:54 PM, Michael H. Warfield wrote:
>>
> AFA how BIND should be shipped... Last time I looked (just a couple of
> days ago) BIND ships in a fairly secure manner (local caching resolver
> listening on localhost only) and the default IP tables blocks DNS
> queries and respons
On Mon, 2013-04-01 at 11:17 -0700, John R Pierce wrote:
> On 4/1/2013 6:11 AM, Michael H. Warfield wrote:
> > it's also very important to implement BCP (Best Common Practice) 38.
> > BCP 38 recommends router egress filtering. That is, you only route out
> > what will route back in. That prevents
On Mon, Apr 1, 2013 at 1:30 PM, Michael H. Warfield wrote:
>
> Actually, it's pretty easy with netfilter / iptables. Other firewalls
> like pf filter on *BSD and proprietary work similarly. If you know your
> inside networks you merely add a rule to block incoming packets on your
> external interfa
On 4/1/2013 6:11 AM, Michael H. Warfield wrote:
> it's also very important to implement BCP (Best Common Practice) 38.
> BCP 38 recommends router egress filtering. That is, you only route out
> what will route back in. That prevents you (or any of your customers)
> from being a spoofing source.
On Mon, Apr 1, 2013 at 8:11 AM, Michael H. Warfield wrote:
> It's the job of your security
> perimeter firewalls to filter local vs. foreign packets and on-session
> vs. unsolicited packets.
You say that as though everyone has such tools. Or that they are such
an integrated part of the TCP/I
On Thu, 2013-03-28 at 11:29 -0700, John R Pierce wrote:
> On 3/28/2013 11:11 AM, Jorge Fábregas wrote:
> > On 03/28/2013 02:05 PM, John R Pierce wrote:
> >> >is it as simple as adding allow-recursion{} with the appropriate private
> >> >subnets and localhost to named.conf ?
> > Yes. That's basica
On 29.03.2013 15:13, Leon Fauster wrote:
> I would suggest using view clauses to divide such configurations ...
I think that's overkill. allow-recursion{} is perfectly sufficient for
this purpose. Views are only needed if you want to return different
results for the same query from different
On 28.03.2013 at 19:29, John R Pierce wrote:
> On 3/28/2013 11:11 AM, Jorge Fábregas wrote:
>> On 03/28/2013 02:05 PM, John R Pierce wrote:
>> Yes. That's basically it.
>
> k, thanks, looks like it's working!
I would suggest using view clauses to divide such configurations ...
--
LF
On 3/28/2013 11:11 AM, Jorge Fábregas wrote:
> On 03/28/2013 02:05 PM, John R Pierce wrote:
>> >is it as simple as adding allow-recursion{} with the appropriate private
>> >subnets and localhost to named.conf ?
> Yes. That's basically it.
k, thanks, looks like it's working!
--
john r pierce
On 03/28/2013 02:05 PM, John R Pierce wrote:
> is it as simple as adding allow-recursion{} with the appropriate private
> subnets and localhost to named.conf ?
Yes. That's basically it.
--
Jorge
___
CentOS mailing list
CentOS@centos.org
http://lists.
I have 2 CentOS servers that are both authoritative DNS for several
domains and local resolvers. As configured, they are publicly visible
resolvers, which I've known for a while is not a good thing.
What's the appropriate way of configuring BIND on CentOS 5.current to
not allow recursion o