'security-basics'
Subject: RE: Securing DNS Server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Folks,
If I am not mistaken, the DNS server in the DMZ should be a SECONDARY
IE: a non-writable database. Furthermore, the DNS server on your internal
network should be the primary giving ONL
> -Original Message-
> From: Michael Vaughan [mailto:list@;predator-hunter.com]
> Sent: Monday, November 04, 2002 12:50 PM
> To: Naman Latif; 'security-basics'
> Subject: RE: Securing DNS Server
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
2002-11-05-14:36:41 Naman Latif:
> Try adding this to named.conf:
>
> options {
> query-source address * port 53;
> };
> ++
>
> Which would have the originating queries only from Port 53, thus making
> it easier to implement in the firewall.
It may make it ea
security-basics
> Subject: Re: Securing DNS Server
>
>
't want to
open the ports for root servers.
Regards
--
Mustafa Baig
*-. -Original Message-
*-. From: Daniel Miessler [mailto:danielrm26@;hotmail.com]
*-. Sent: Monday, November 04, 2002 8:26 PM
*-. To: 'Naman Latif'; 'security-basics'
*-. Subject: RE: Securing DNS Serv
> But it turned out that when our DNS Server has to query a root name
> server, it sends out a UDP query with a random higher (>1023) source
> port number, which means that I will have to open >1023 Ports access to
> this server from outside.
You don't have to open ports on your firewall that corr
Hi,
I am trying to restrict Access to our DNS Server from Outside using a
Cisco IOS Firewall. Initially we only had Port 53 Access to this Server
from outside.
But it turned out that when our DNS Server has to query a root name
server, it sends out a UDP query with a random higher (>1023) source
po