Date: Fri, 24 Mar 2000 01:35:02 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: J A Shamsi <jashamsi@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DNS and FIREWALL
Message-ID: <20000324013459.I654@hades.hell.gr>
In-Reply-To: <20000323175541.25633.qmail@web4107.mail.yahoo.com>; from jashamsi@yahoo.com on Thu, Mar 23, 2000 at 09:55:41AM -0800
References: <20000323175541.25633.qmail@web4107.mail.yahoo.com>

On Thu, Mar 23, 2000 at 09:55:41AM -0800, J A Shamsi wrote:
> Hello I am trying to configure DNS on a machine protected by firewall.
> I have named 8.xx do I need to use port 53 specifically.

Yes, you have to allow explicitly at least udp/53 for client queries.

Now, if your named has some secondary zones from other servers, or some server outside the firewall is playing backup server for your zones, you might also find it useful to allow tcp/53 through.

Being selective on who gets allowed to connect to port tcp/53 is not a bad thing. For instance if you just want your named to play secondary for some zone, no need to allow incoming tcp/53 connections. You can make your named use a non-privileged ephemeral port for queries, and allow only outgoing connections to tcp/53.

But most of this depends on your named's setup. You might have already had a look, but </usr/share/doc/bind/html/index.html> is always a nice place to start looking for more information ;)

- Giorgos Keramidas
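
Added example, not part of the original message: a shell function that prints an ipfw(8) ruleset following the policy described in the reply (udp/53 open for queries, tcp/53 limited to named zone-transfer peers). The function name `dns_rules`, the rule numbers, the 192.0.2.x/198.51.100.x addresses, and the use of stateful `keep-state` rules on a default-deny firewall are assumptions made for illustration.

```shell
#!/bin/sh
# Prints ipfw(8) commands instead of running them, so the policy can be
# reviewed before it is loaded. All addresses are constructed samples.
#
# usage: dns_rules "SECONDARY_HOSTS" "MASTER_HOSTS"
#   SECONDARY_HOSTS  hosts allowed to pull our zones (incoming tcp/53)
#   MASTER_HOSTS     servers we pull secondary zones from (outgoing tcp/53)
dns_rules() (
    secondaries=$1
    masters=$2
    n=1000                                  # assumed starting rule number
    emit() { echo "ipfw add $n $*"; n=$((n + 10)); }

    # Replies to anything matched by a keep-state rule below.
    emit check-state

    # Client queries reaching named on udp/53.
    emit allow udp from any to me 53 keep-state

    # named's own queries, sent from an unprivileged ephemeral port.
    emit allow udp from me to any 53 keep-state

    # Incoming zone transfers: only the listed secondaries may connect.
    for h in $secondaries; do
        emit allow tcp from "$h" to me 53 setup keep-state
    done

    # Outgoing zone transfers: we act as secondary for these masters.
    # (Narrowed here to the listed masters rather than any destination.)
    for h in $masters; do
        emit allow tcp from me to "$h" 53 setup keep-state
    done

    # Everyone else is refused on tcp/53.
    emit deny tcp from any to me 53
)

# Sample run: two secondaries pull from us, we pull from one master.
dns_rules "192.0.2.10 192.0.2.11" "198.51.100.5"
```

With both lists empty the output keeps only the udp/53 rules and the tcp/53 deny, which matches the "secondary only, no incoming tcp/53" case when just a master list is given.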