BIND, firewalls, and misc DNS request

England, Robert (Robert)
Wed Oct 30 13:02:22 UTC 2002

Instead of punching a bunch of holes, just open port 53 tcp/udp; you are
going to query a lot of different DNS servers based on the referrals you get
from the root zone servers.

Robert C. England
Agere Systems, Inc.
(610) 712-5549 (w)


-----Original Message-----
From: crichmon at beast.chaos.home [mailto:crichmon at beast.chaos.home] 
Sent: Wednesday, October 30, 2002 12:44 AM
To: comp-protocols-dns-bind at
Subject: BIND, firewalls, and misc DNS request

Hi Folks,

   I've got a Linux box running ISC BIND 8.3.x that plays
router/firewall/DNS for a bogus domain, all behind a cable modem.  I've made
the firewall restrictive, but what I find is that I have to create a rather
large number of holes in the firewall for all the root and TLD servers.  I'm
also finding log messages for other various DNS servers like,,, etc.

So... why is my server asking these guys for name
resolution, and do I need to poke more holes or just
ignore the rejected outbound packets?

Thx, Chris
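Robert's point above (a recursive resolver follows referrals to servers you cannot list in advance, so per-server holes will keep failing), as an added example that is not from either poster: a toy iterative-resolution walk over a constructed delegation tree, checked against the two firewall policies discussed in the thread. The server addresses are documentation ranges, not real root, TLD or authoritative servers.

```python
"""Simulate iterative resolution to show which servers a recursive resolver must reach."""

# Constructed delegation tree for the query www.example.test; addresses are from
# documentation ranges and are NOT real DNS servers.
ROOT_SERVERS = ("198.51.100.1", "198.51.100.2")
REFERRALS = {
    # server IP -> what that server returns for www.example.test
    "198.51.100.1": ("referral", ("203.0.113.10",)),  # root: "ask the .test TLD server"
    "198.51.100.2": ("referral", ("203.0.113.10",)),
    "203.0.113.10": ("referral", ("192.0.2.53",)),    # TLD: "ask example.test's own server"
    "192.0.2.53":   ("answer", "192.0.2.80"),         # authoritative: final A record
}
DNS_PORT = 53


def per_server_holes(allowed_ips):
    """Chris's approach: outbound DNS only to an explicit list of server IPs."""
    return lambda dst_ip, dst_port: dst_port == DNS_PORT and dst_ip in allowed_ips


def any_dns_server(dst_ip, dst_port):
    """Robert's approach: outbound to port 53 on any host (a stateful firewall
    then admits the replies as part of the established flow)."""
    return dst_port == DNS_PORT


def resolve(policy):
    """Walk referrals from the root under the given outbound policy.

    Returns (answer_or_None, servers_contacted, servers_rejected)."""
    contacted, rejected = [], []
    candidates = ROOT_SERVERS
    while True:
        server = candidates[0]
        if not policy(server, DNS_PORT):
            # This is the "rejected outbound packet" that lands in the firewall log.
            rejected.append(server)
            return None, contacted, rejected
        contacted.append(server)
        kind, payload = REFERRALS[server]
        if kind == "answer":
            return payload, contacted, rejected
        candidates = payload  # follow the referral to the next server


if __name__ == "__main__":
    holes = per_server_holes(set(ROOT_SERVERS) | {"203.0.113.10"})  # root + TLD only
    print("per-server holes :", resolve(holes))       # fails at the authoritative server
    print("any port-53 host :", resolve(any_dns_server))  # succeeds, 3 distinct servers
```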
