Does BIND use TCP protocol?
Mark_Andrews at iengines.com
Fri Nov 5 00:02:54 UTC 1999
> I recently went to one of those Web sites where you can configure a
> Linux ipchains firewall online. After answering many questions about
> my configuration, it spit out a template on an ipchains ruleset. The
> rules show the use of both UDP and TCP for DNS traffic (see below).
>
> The name server on my LAN is authoritative only for the nodes on the LAN
> and does name resolution via my ISP for all other requests. My name
> server never answers requests from outside my own domain.
>
> I am not asking if the ruleset below is good or even workable. It is
> just the protocol use I am interested in.
>
> So... does BIND really use TCP for DNS traffic, and if so, what does
> it use that protocol for?
Yes, it always has in one way or another. Queries (sending and
receiving), updates and zone transfers.
>
> Thank you.
>
>
> ----- This is the suggested firewall config for DNS:
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p udp \
> -s $NAMESERVER 53 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
> ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
> -s $IPADDR $UNPRIVPORTS \
> -d $NAMESERVER 53 -j ACCEPT
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $NAMESERVER 53 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
> ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> -s $IPADDR $UNPRIVPORTS \
> -d $NAMESERVER 53 -j ACCEPT
>
>
> *** Steve Snyder ***
>
>
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
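
Added example, not part of either message in this thread: a Python sketch of the standard mechanism (RFC 1035) behind queries moving to TCP, which is why the quoted ruleset needs its TCP rules as well as the UDP ones. A reply with the TC (truncated) header bit set tells the resolver to retry over TCP, where each message carries a 2-byte length prefix. The function names and the sample messages are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035)

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def is_truncated(message):
    """True if the TC bit is set, meaning the answer did not fit in UDP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def tcp_frame(message):
    """DNS over TCP: prefix the message with its length, big-endian."""
    if len(message) > 0xFFFF:
        raise ValueError("message too large for a 2-byte length")
    return struct.pack("!H", len(message)) + message

def tcp_unframe(stream):
    """Split a TCP byte stream into whole DNS messages plus leftover bytes."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # partial message: wait for more data
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

def transport_for_retry(udp_response):
    """Which transport the next attempt must use after this UDP reply."""
    return "tcp" if is_truncated(udp_response) else "udp"

# Constructed samples: a query and a reply to it with QR, TC, RD and RA set.
QUERY = build_query("example.com")
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(transport_for_retry(TRUNCATED_REPLY), tcp_frame(QUERY).hex())
```

If a firewall passes only the UDP rules, a resolver that receives a truncated reply has no permitted path for the retry, and that lookup fails.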