BIND, firewalls, and misc DNS request
cricket at menandmice.com
Wed Oct 30 06:31:14 UTC 2002
crichmon at beast.chaos.home wrote:
> I've got a Linux box running ISC BIND 8.3.x that plays
> router/firewall/DNS for a bogus domain all behind a cable
> modem. I've made the firewall restrictive, but what I find
> is that I have to create a rather large number of holes in
> the firewall for all the root and tld servers. I'm also
> finding log messages for other various DNS servers like
> dns01.exodus.net, dns-07.ns.aol.com, ns1.conepuppy.com,
> So... why is my server asking these guys for name
> resolution, and do I need to poke more holes or just
> ignore the rejected outbound packets?
Do you send recursive queries to the name server for domain
names in zones that other name servers are authoritative for?
I mean, if you ask your name server for cnn.com's address,
you've got to expect it to query the cnn.com name servers.
Men & Mice
DNS Software, Training and Consulting
The DNS and BIND Cookbook, available now!
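
The point made in the reply above, as an added example that is not part of the original post: a simulated recursive lookup showing how the set of servers a resolver must reach on port 53 grows with each new name its clients ask for. The zone table, the documentation-range addresses, and the function names are all constructed assumptions; no network traffic is sent.

```python
"""Simulated iterative resolution over constructed delegation data (no network I/O)."""

# Constructed data: each zone's name server address (documentation ranges)
# and the child zones it delegates. These are not real DNS answers.
ZONES = {
    ".":           {"servers": ["192.0.2.1"],    "children": ["com.", "net."]},
    "com.":        {"servers": ["192.0.2.10"],   "children": ["cnn.com.", "aol.com."]},
    "net.":        {"servers": ["192.0.2.20"],   "children": ["exodus.net."]},
    "cnn.com.":    {"servers": ["198.51.100.5"], "children": []},
    "aol.com.":    {"servers": ["198.51.100.7"], "children": []},
    "exodus.net.": {"servers": ["203.0.113.9"],  "children": []},
}


def referral(zone, qname):
    """Return the child zone of `zone` enclosing qname, or None if `zone` answers itself."""
    for child in ZONES[zone]["children"]:
        if qname == child or qname.endswith("." + child):
            return child
    return None


def resolve(qname, cache):
    """Follow referrals from the closest cached zone; return servers contacted, in order."""
    # A caching resolver starts at the deepest enclosing zone it already knows.
    known = [z for z in cache if z == "." or qname == z or qname.endswith("." + z)]
    zone = max(known, key=len)
    contacted = []
    while True:
        contacted.append(ZONES[zone]["servers"][0])
        child = referral(zone, qname)
        if child is None:
            return contacted      # this server is authoritative and answers
        cache.add(child)          # remember the delegation for later lookups
        zone = child


def outbound_destinations(client_queries):
    """Every address the resolver must reach on port 53 to serve these client queries."""
    cache, seen = {"."}, []
    for name in client_queries:
        for ip in resolve(name, cache):
            if ip not in seen:
                seen.append(ip)
    return seen
```

Because the destinations depend on what clients look up, the list cannot be enumerated in advance as a fixed set of root and TLD servers.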