BIND, firewalls, and misc DNS request

England, Robert (Robert) england at northamerica.exchange.agere.com
Wed Oct 30 13:02:22 UTC 2002


Instead of punching a bunch of holes, just open port 53 tcp/udp; you are
going to query a lot of different DNS servers based on the referrals you get
from the root zone servers.

Robert C. England
Agere Systems, Inc.
(610) 712-5549 (w)

england at agere.com



-----Original Message-----
From: crichmon at beast.chaos.home [mailto:crichmon at beast.chaos.home] 
Sent: Wednesday, October 30, 2002 12:44 AM
To: comp-protocols-dns-bind at isc.org
Subject: BIND, firewalls, and misc DNS request


Hi Folks,

   I've got a Linux box running ISC BIND 8.3.x that plays
router/firewall/DNS for a bogus domain all behind a cable modem.  I've made
the firewall restrictive, but what I find is that I have to create a rather
large number of holes in the firewall for all the root and tld servers.  I'm
also finding log messages for other various DNS servers like
dns01.exodus.net, dns-07.ns.aol.com, ns1.conepuppy.com, etc.

So... why is my server asking these guys for name
resolution, and do I need to poke more holes or just
ignore the rejected outbound packets?

Thx, Chris
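Added example, not from either poster: before widening the firewall as Robert suggests, a defender would want to confirm that the rejected outbound packets Chris sees really are port-53 traffic originating from the resolver, and see how many distinct servers the resolver is trying to reach. This script triages constructed netfilter LOG lines; the log prefix FW-OUT-REJECT, the resolver address 192.168.1.1 and the TEST-NET destinations are all assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter/iptables LOG format (not from the
# original post). Resolver is assumed to be 192.168.1.1; one line is an
# unrelated SMTP attempt from another host, which should stay rejected.
SAMPLE_LOG = """\
Oct 30 00:41:02 beast kernel: FW-OUT-REJECT IN= OUT=eth0 SRC=192.168.1.1 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4811 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
Oct 30 00:41:02 beast kernel: FW-OUT-REJECT IN= OUT=eth0 SRC=192.168.1.1 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4812 DF PROTO=UDP SPT=32770 DPT=53 LEN=40
Oct 30 00:41:03 beast kernel: FW-OUT-REJECT IN= OUT=eth0 SRC=192.168.1.1 DST=192.0.2.30 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4813 DF PROTO=TCP SPT=32771 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 30 00:41:05 beast kernel: FW-OUT-REJECT IN= OUT=eth0 SRC=192.168.1.20 DST=192.0.2.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4814 DF PROTO=TCP SPT=32772 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one netfilter LOG line as a dict.
    Flags without a value (DF, SYN) are ignored; a missing value (IN=) is ''."""
    if "kernel:" not in line:
        return None
    return dict(FIELD.findall(line.split("kernel:", 1)[1]))


def triage_rejects(log_text, resolver_ip):
    """Split rejected outbound packets into DNS queries sent by the resolver
    (expected while following referrals) and everything else.
    Returns (Counter of (dst, proto) for resolver DNS traffic, list of others)."""
    dns_dests = Counter()
    other = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("OUT", "") == "":
            continue  # not a forwarded/outbound packet
        is_dns = fields.get("PROTO") in ("UDP", "TCP") and fields.get("DPT") == "53"
        if is_dns and fields.get("SRC") == resolver_ip:
            dns_dests[(fields["DST"], fields["PROTO"])] += 1
        else:
            other.append((fields.get("SRC"), fields.get("DST"),
                          fields.get("PROTO"), fields.get("DPT")))
    return dns_dests, other


if __name__ == "__main__":
    dns, rest = triage_rejects(SAMPLE_LOG, "192.168.1.1")
    print(f"{len(dns)} distinct DNS destinations blocked:", dict(dns))
    print("non-DNS rejects (leave blocked):", rest)
```

A growing set of distinct port-53 destinations from the resolver alone is the signature of referral-following, and the per-host hole approach will never keep up with it; anything in the second list is unrelated and stays blocked.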

