From owner-freebsd-security Wed Jan 9 6:14:24 2002
Message-ID: <20020109141408.5474.qmail@web11803.mail.yahoo.com>
Date: Wed, 9 Jan 2002 06:14:08 -0800 (PST)
From: X Philius
Reply-To: xphilius@yahoo.com
Subject: RE: Help with ipfw rules to allow DNS queries through
To: muhitov@kostasoft.spb.ru, security@FreeBSD.ORG
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B309@adv.KOSTASOFT.kostasoft.spb.ru>
Sender: owner-freebsd-security@FreeBSD.ORG

Yuri,

Is it sufficient to use the default "open" rule set, or do you think I need to swap out my kernel and modules so that I do not have ipfw in the kernel at all? I have compiled the kernel with ipfw and default to deny, so I can't really "turn off" the firewall without swapping kernels.

As far as being authoritative on a domain, I have not gotten to that point yet, but I *think* I have a pretty good handle on that part of the equation. I have some "junk" domains (i.e. no traffic URLs) that I can practice on once I get everything set up. One of my questions is how to verify that my name server is set up and available externally, without going through the hassle of getting a friend involved to provide secondary, and wrestling with changing settings at my registrar.

Jason

--- Yuri Muhitov wrote:
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of X Philius
> > Sent: Wednesday, January 09, 2002 4:30 AM
> > To: Ian Smith
> > Cc: G.P. de Boer; security@FreeBSD.ORG; Dave Raven
> > Subject: Re: Help with ipfw rules to allow DNS queries through
> >
>
> Advice: Turn off firewall while debugging your DNS setup.
> Question: Did somebody register your zone and name server (so, did you get
> your nameserver authoritative for zone)?
>
> Take a look at this (RFC 1033 DOMAIN ADMINISTRATORS OPERATIONS GUIDE):
>
> ADDING A SUBDOMAIN
> To add a new subdomain to your domain:
> Setup the other domain server and/or the new zone file.
> Add an NS record for each server of the new domain to the zone file of the
> parent domain.
> Add any necessary glue RRs.
>
> Yuri