BIND, firewalls, and misc DNS request

Cricket Liu cricket at
Wed Oct 30 06:31:14 UTC 2002

crichmon at beast.chaos.home wrote:
> I've got a Linux box running ISC BIND 8.3.x that plays
> router/firewall/DNS for a bogus domain all behind a cable
> modem.  I've made the firewall restrictive, but what I find
> is that I have to create a rather large number of holes in
> the firewall for all the root and TLD servers.  I'm also
> finding log messages for other various DNS servers like
> etc.
> So... why is my server asking these guys for name
> resolution, and do I need to poke more holes or just
> ignore the rejected outbound packets?

Do you send recursive queries to the name server for domain
names in zones that other name servers are authoritative for?
I mean, if you ask your name server for's address,
you've got to expect it to query the name servers.


Men & Mice
DNS Software, Training and Consulting

The DNS and BIND Cookbook, available now!
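
The behaviour described in the reply above, as an added example that is not part of the original posts: a small simulation of a recursive name server following referrals from the root down, recording every server it would send outbound port 53 traffic to. The delegation data, names and addresses are constructed (documentation ranges), and `query`, `resolve` and `outbound_destinations` are hypothetical helper names.

```python
# Constructed delegation data: what each simulated server returns when asked.
# All names and addresses are documentation/example values, not real servers.
ROOT_SERVERS = ["192.0.2.1"]
SERVERS = {
    "192.0.2.1": {"referrals": {"example.": ["192.0.2.53"],
                                "test.": ["198.51.100.53"]}},
    "192.0.2.53": {"referrals": {"corp.example.": ["203.0.113.10"]}},
    "203.0.113.10": {"answers": {"www.corp.example.": "203.0.113.80"}},
    "198.51.100.53": {"answers": {"mail.test.": "198.51.100.25"}},
}

def query(server_ip, qname):
    """Simulate one non-recursive query to a single server."""
    data = SERVERS[server_ip]
    if qname in data.get("answers", {}):
        return "answer", data["answers"][qname]
    best = None  # longest delegated zone that contains qname
    for zone in data.get("referrals", {}):
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    if best is not None:
        return "referral", data["referrals"][best]
    return "nxdomain", None

def resolve(qname, max_referrals=10):
    """Return (address, contacted): the answer and every server IP queried."""
    servers, contacted = ROOT_SERVERS, []
    for _ in range(max_referrals):
        ip = servers[0]
        contacted.append(ip)  # one outbound packet the firewall must pass
        kind, value = query(ip, qname)
        if kind == "answer":
            return value, contacted
        if kind == "nxdomain":
            return None, contacted
        servers = value  # follow the referral one level down
    raise RuntimeError("too many referrals")

def outbound_destinations(names):
    """Union of servers contacted while resolving a set of client queries."""
    dests = set()
    for name in names:
        dests.update(resolve(name)[1])
    return sorted(dests)

if __name__ == "__main__":
    print(resolve("www.corp.example."))
    print(outbound_destinations(["www.corp.example.", "mail.test."]))
```

Each additional name the clients ask for can add servers to the list, which is why the rejected outbound packets show destinations beyond the root and TLD servers.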

More information about the bind-users mailing list