BIND, firewalls, and misc DNS request
England, Robert (Robert)
england at northamerica.exchange.agere.com
Wed Oct 30 13:02:22 UTC 2002
Instead of punching a bunch of holes, just open port 53 tcp/udp; you are going to query a lot of different DNS servers based on the referrals you get from the root zone servers.
Robert C. England
Agere Systems, Inc.
(610) 712-5549 (w)
england at agere.com
From: crichmon at beast.chaos.home [mailto:crichmon at beast.chaos.home]
Sent: Wednesday, October 30, 2002 12:44 AM
To: comp-protocols-dns-bind at isc.org
Subject: BIND, firewalls, and misc DNS request
I've got a Linux box running ISC BIND 8.3.x that plays router/firewall/DNS for a bogus domain, all behind a cable modem. I've made the firewall restrictive, but what I find is that I have to create a rather large number of holes in the firewall for all the root and TLD servers. I'm also finding log messages for other various DNS servers like dns01.exodus.net, dns-07.ns.aol.com, ns1.conepuppy.com, etc.

So... why is my server asking these guys for name resolution, and do I need to poke more holes or just ignore the rejected outbound packets?
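The advice in the reply above (allow outbound port 53 tcp/udp from the resolver rather than a hole per root, TLD or referred-to server) as an added example, not code from either poster. It is a small POSIX sh script for an iptables-based Linux firewall; it assumes an external interface named eth0, a resolver address of 192.0.2.1 (a constructed documentation address) and the iptables "state" match, none of which appear in the thread. The script prints the rules instead of applying them so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the bind-users posting): stateful outbound DNS
# rules for an iptables firewall. Because a recursive resolver follows
# referrals, the set of servers it talks to is open-ended, so the rules key
# on the destination port (53) and the resolver's own address, not on any
# list of remote servers.
#
# Assumptions (constructed, not from the thread): external interface eth0,
# resolver address 192.0.2.1, iptables with the "state" match available.

EXT_IF="${EXT_IF:-eth0}"
RESOLVER_IP="${RESOLVER_IP:-192.0.2.1}"

# dns_rules: print the iptables commands one per line for review.
# To apply them, run as root:  dns_rules | sh
dns_rules() {
    for proto in udp tcp; do
        # Only the resolver itself may open port-53 conversations outward,
        # to whichever server the current referral points at.
        echo "iptables -A OUTPUT -o $EXT_IF -p $proto -s $RESOLVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT"
        # Replies match the connection-tracking entry created by the query,
        # so no per-server inbound hole is needed.
        echo "iptables -A INPUT -i $EXT_IF -p $proto --sport 53 -d $RESOLVER_IP -m state --state ESTABLISHED -j ACCEPT"
    done
    # Anything else arriving on the outside interface is logged, then dropped,
    # so unexpected DNS traffic still shows up in the logs for review.
    echo "iptables -A INPUT -i $EXT_IF -j LOG --log-prefix 'fw-drop: '"
    echo "iptables -A INPUT -i $EXT_IF -j DROP"
}

# count_rules: number of commands dns_rules emits (sanity check before applying).
count_rules() {
    dns_rules | wc -l | tr -d ' '
}
```

Keeping `-s $RESOLVER_IP` on the OUTPUT rule means other hosts on the LAN still have to go through the local resolver rather than each talking to the Internet on port 53 directly. TCP is included alongside UDP because answers too large for a UDP datagram are retried over TCP, and those retries would otherwise be the next batch of "rejected outbound packets" in the log.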