tcp/udp, clarification please

Joseph S D Yao jsdy at
Wed Oct 10 18:38:00 UTC 2001

On Wed, Oct 10, 2001 at 12:55:51PM -0400, Eoin Miller wrote:
> So someone couldn't do a zone transfer if I left only UDP open and DNS would
> still work, so this would cut down the functionality that the rest of the
> world does not need, correct? The world needs only the resolving portion; my
> setup is very simple and minimal, the zone transfers happen behind the
> firewall etc. etc.

If this is what you want to do, then current versions of BIND 8 and 9
give you the capability to selectively allow zone transfers from as
narrow or wide a range as you desire.

DNS would NOT "still work" - at least, not particularly reliably - if
you opened UDP and closed TCP.

Do not seek to pick fruit by cutting the tree's trunk.

Why not have a DNS proxy ['named' can serve as such] on your firewall?
That would be even better than opening a UDP hole through your firewall.

Joe Yao				jsdy at - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
   This message is not an official statement of OSIS Center policies.

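The exchange above turns on one detail of the DNS protocol: when an answer does not fit in a UDP datagram, the server sets the TC (truncated) bit and the resolver is expected to retry the same query over TCP. A firewall that passes UDP/53 but drops TCP/53 therefore breaks every lookup whose answer is too large for UDP, which is the "not particularly reliably" in the reply. The following script is an added example, not code from the original thread or from BIND; it builds a query, parses the header of a response, and shows the retry logic with constructed, header-only sample responses (`TRUNCATED_UDP`, `FULL_TCP`) and stub transport callables (`send_udp`, `send_tcp`) so that it runs offline.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035, section 4.1.1)


def build_query(qname, qtype=1, txid=0x1234):
    """Build a minimal DNS query (QTYPE=A by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header and report whether TC is set."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "flags": flags,
        "qdcount": qd,
        "ancount": an,
        "nscount": ns,
        "arcount": ar,
        "truncated": bool(flags & TC_FLAG),
    }


def resolve(query, send_udp, send_tcp):
    """Stub resolver: try UDP first; if the reply is truncated, retry over TCP.

    send_udp / send_tcp take the query bytes and return the raw response,
    or raise OSError when that transport is unreachable (e.g. filtered).
    """
    udp_resp = send_udp(query)
    hdr = parse_header(udp_resp)
    if not hdr["truncated"]:
        return {"transport": "udp", "ancount": hdr["ancount"]}
    # TC set: the UDP answer is incomplete and must not be used as-is.
    try:
        tcp_resp = send_tcp(query)
    except OSError as exc:
        return {"transport": "tcp", "error": f"TCP retry failed: {exc}"}
    hdr = parse_header(tcp_resp)
    return {"transport": "tcp", "ancount": hdr["ancount"]}


# Constructed sample responses (headers only; the question/answer sections are
# omitted, so the ANCOUNT values are illustrative rather than parsed from data).
TRUNCATED_UDP = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)   # QR RD RA TC, no answers
FULL_TCP = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 13, 0, 0)       # QR RD RA, 13 answers


def demo_tcp_open():
    """Firewall passes both UDP/53 and TCP/53: the TCP retry completes the lookup."""
    query = build_query("example.com.", qtype=2)  # NS query; large answers are common
    return resolve(query, lambda _q: TRUNCATED_UDP, lambda _q: FULL_TCP)


def demo_tcp_blocked():
    """Firewall passes UDP/53 only: the TCP retry times out and the lookup fails."""
    query = build_query("example.com.", qtype=2)

    def blocked(_q):
        raise OSError("connection timed out")

    return resolve(query, lambda _q: TRUNCATED_UDP, blocked)


if __name__ == "__main__":
    print("TCP open:   ", demo_tcp_open())
    print("TCP blocked:", demo_tcp_blocked())
```

Both demo functions send the same query and receive the same truncated UDP reply; only the availability of TCP differs, which is why restricting zone transfers belongs in the name server's transfer policy rather than in a transport-level block.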