[9.2.3] Resticting ports
Ketil Froyn
isc_bind at ketil.froyn.name
Thu Nov 11 10:14:33 UTC 2004
On Thu, 2004-11-11 at 09:23, Helmut Schneider wrote:
> query-source address * port 53;
Don't do that. DNS forgery is much easier when you do that, and some
firewalls will probably block queries originating from port 53 as well.
For more information on DNS forgery, read this:
http://cr.yp.to/djbdns/forgery.html
Ketil Froyn
ketil at froyn.name
http://ketil.froyn.name/
More information about the bind-users
mailing list