Blocking TCP

Joseph S D Yao jsdy at center.osis.gov
Tue Nov 6 18:38:59 UTC 2001


On Tue, Nov 06, 2001 at 10:50:07AM +0100, Tilo Lutz wrote:
> I've read in a Firewall book that TCP is only used to do
> zone transfers.
> So I only allow the secondary DNS to do zone transfers.
> But since then, many requests via TCP are blocked by my
> firewall.
> Is it OK to block these requests, or is it "unhealthy"?

Not OK.  It is "unhealthy."  The book is wrong - that's not the only
use.  There are several other uses of TCP, and there are better ways of
limiting who may transfer zones.

[Cricket, is this a FAQ yet?  We certainly discussed it enough.  ;-)]

-- 
Joe Yao				jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
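
Added example, not part of the original message or written by either poster: one way to limit zone transfers in BIND itself with `allow-transfer`, so the firewall can leave TCP port 53 open for ordinary queries (for instance, resolvers retrying over TCP after a truncated UDP answer). The ACL name, address, zone name and file name are constructed placeholders.

```conf
// named.conf fragment (added example; all names and addresses are placeholders)

// The hosts that are allowed to pull zones from this server.
acl "secondaries" {
    192.0.2.53;                 // placeholder address of the secondary
};

options {
    // Server-wide default: refuse zone transfers to everyone.
    // Ordinary queries over UDP and TCP are not affected by this setting.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";    // placeholder zone file name

    // Per-zone override: only the listed secondary may transfer this zone.
    allow-transfer { secondaries; };
};
```

With this in place, a transfer request from any other address is refused by named itself; running `named-checkconf` on the file validates the syntax before reloading.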

