Dns and security ?!
Daniel Voyer
daniel.voyer at cgi.ca
Fri Sep 3 20:13:01 UTC 1999
Hi all,
I have a split DNS (BIND 8.2) running on a firewall. On that firewall I
have configured some rules and I allow only "domain udp", except for my
secondary DNS on the Internet, for which I permit "domain tcp".
I do the same security configuration on the split DNS: I allow only the
secondary to do zone transfers.
Inside the company we have a couple of internal DNS servers, with no security
features on them. I've just activated the forwarding option and forward
only.
BUT... if I test this security, I'm connected (dialup) to the Internet with
my little ISP and doing an nslookup.
First, I set server to the split dns on the firewall.
nslookup
server splitdns.domain.ca
After that, I can set the server to an internal IP address of one of the
internal DNS servers
server 172.20.50.30
and it passes? I cannot do any zone transfer, but I can have an internal
server with a non-valid IP address.
My question is: why can I do that, and what security options did I forget?
Maybe it's simply normal...
Dan