Firewalling DNS

Mark.Andrews at nominum.com
Wed Jul 12 00:08:25 UTC 2000


> Hi,
> 
> We control a primary DNS which hosts a number of domains with our ISP as
> secondary. As DNS is so hackable, we thought we could just block DNS to our
> server apart from, from our ISP. Is this generally acceptable, or do we need
> to allow the whole world to our DNS? Any assistance greatly appreciated...
> 
> 
> Jody Lakin

	If your server is listed in the NS records you should be
	willing to accept queries from anywhere.  If not you only
	need to accept queries from your secondaries.  If you do
	this you have a "stealth master" configuration.  Regardless
	of whether you have the master listed in the NS records it
	should be listed in the SOA's origin field.

	Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
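
A stealth master along the lines described in the reply above, as an added example that is not part of the original message: the NS records name only the ISP's secondaries, the SOA origin (MNAME) field still names the master, and named on the master answers queries and transfers only for those secondaries. All zone names, host names and addresses (example.com, ns-master.example.com, ns1/ns2.isp.example, the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses) are placeholders, and the option names are those of current BIND 9.

```conf
// named.conf on the stealth master (added example; every name and
// address below is a placeholder, not taken from the thread)

acl "isp-secondaries" {
    192.0.2.53;       // ns1.isp.example (assumed address)
    198.51.100.53;    // ns2.isp.example (assumed address)
};

options {
    directory "/var/named";
    // The master is not in the NS set, so only the secondaries (and the
    // host itself) ever need an answer from it. The secondaries must be
    // allowed to query because they poll the SOA serial before a transfer.
    allow-query { localhost; "isp-secondaries"; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { "isp-secondaries"; };
    // notify is left at its default: NOTIFY goes to the servers named in
    // the NS records, which here are exactly the ISP secondaries.
};

// A packet filter in front of this host has to pass both UDP and TCP
// port 53 from the two secondary addresses; zone transfers use TCP.

/* example.com.zone (excerpt)

   $TTL 86400
   @   IN SOA ns-master.example.com. hostmaster.example.com. (
              2000071201 ; serial
              3600       ; refresh
              900        ; retry
              604800     ; expire
              86400 )    ; minimum
       IN NS  ns1.isp.example.   ; only the secondaries are published
       IN NS  ns2.isp.example.
   ns-master IN A 203.0.113.10   ; named in the SOA origin field, not in NS
*/
```

If ns-master were added to the NS records, the allow-query restriction and the matching firewall rule would have to be dropped, since resolvers anywhere could then be referred to it.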



More information about the bind-users mailing list