Blocking TCP
Cricket Liu
cricket at menandmice.com
Tue Nov 6 19:55:25 UTC 2001
> On Tue, Nov 06, 2001 at 10:50:07AM +0100, Tilo Lutz wrote:
> > I've read in a Firewall book TCP is only used to do
> > zone transfers.
> > So I only allow the secondary DNS to do zone transfers.
> > But since then many requests via TCP are blocked by my
> > firewall.
> > Is it OK blocking these requests or is it "unhealthy"?
>
> Not OK. It is "unhealthy." The book is wrong - that's not the only
> use. There are several other uses of TCP, and there are better ways of
> limiting who may transfer zones.
>
> [Cricket, is this a FAQ yet? We certainly discussed it enough. ;-)]
I'm sure it is. Who's working on the FAQ now?
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
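
The quoted reply says there are better ways of limiting who may transfer zones than blocking TCP at the firewall. One such way, shown as an added example that is not part of the original messages, is BIND's `allow-transfer` option, which leaves TCP port 53 open for ordinary queries. The zone name, file name, address, key name and secret below are constructed placeholders.

```conf
// named.conf fragment on the primary (constructed example, not from the thread).
// TCP/53 stays reachable for normal queries; only AXFR/IXFR requests are restricted.

// Placeholder address from the documentation range 192.0.2.0/24.
acl "secondaries" { 192.0.2.53; };

// Optional TSIG key so a transfer is authorized by a shared secret
// rather than by source address alone. The secret is a placeholder.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    // Default for every zone: refuse all transfer requests.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Per-zone override: only the listed secondary may transfer.
    allow-transfer { secondaries; };
    // Key-based alternative:
    // allow-transfer { key xfer-key; };
};
```

From a host outside the ACL, `dig @<primary> example.com axfr` should fail with a transfer error, while `dig +tcp @<primary> example.com soa` should still be answered.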
More information about the bind-users mailing list