bind and firewall opinion is needed

Sergey Nikolaev SNikolae at siac.com
Tue Apr 24 15:41:09 UTC 2001




Hi,

In the case when the master is behind a firewall (hidden from the internet) and
the secondary is in front of the firewall (exposed to the internet), to
facilitate zone transfers, FW rules are required that allow bidirectional udp
port 53 and unidirectional tcp port 53 from secondary to primary.

While this configuration has some security advantages, it has drawbacks too.
If the secondary is compromised, there is an open incoming hole to the primary,
tcp and udp port 53.

Is there a workaround? Other ways to transfer zones? Maybe an outgoing
master-to-secondary transfer is possible?


Thanks in advance,

Sergey



