Date:      Thu, 3 Apr 1997 21:18:13 -0800 (PST)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Lars Jonas Olsson <ljo@mcs.net>
Cc:        questions@freebsd.org
Subject:   Re: Firewall for internal DNS server?
Message-ID:  <Pine.BSF.3.96.970403211107.464H-100000@localhost>
In-Reply-To: <199704022014.OAA00341@Jupiter.Mcs.Net>

On Wed, 2 Apr 1997, Lars Jonas Olsson wrote:

>  I have a FreeBSD machine that's connected to the internet and a local LAN.
> The LAN has IP #s 10.x.x.x. The FreeBSD server runs sendmail, popper,
> squid, and named (DNS). The FreeBSD server does not forward packets.
> 
>  DNS is set up to be primary for 10.x.x.x and caching for everything
> else.
> 
>  There is currently no firewall or tcpwrappers etc running on server.
> Most services have been disabled and only a few people have login
> accounts. Many more have POP accounts with no login shell and no login
> directory.
> 
>  What's the best way to keep outside people from using the DNS server
> on the FreeBSD host? We only want to be able to get mail via pop and
> send mail via smtp from outside.

Block inbound connections on port 53 on your firewall.  A run through the
BIND Operator's Guide doesn't locate any keywords that can restrict
queries from specific machines, so you'll have to block the port.  (Why
someone would want to ask your nameserver for obviously bogus information
I don't know.) 

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
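
A check for the advice in the reply above, as an added example that is not part of the original message: run from a host outside the LAN, against a server you operate, it sends one recursive query to UDP port 53 and reports whether the port is filtered. The function names and result labels are assumptions made for this example.

```python
import socket
import struct
import sys

QID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qid=QID):
    """Encode a standard recursive A query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, qid=QID):
    """Map a reply (None means no reply) to what an outside client learned."""
    if reply is None:
        return "filtered"              # nothing came back: port 53 is blocked
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & 0x8000:   # wrong ID or QR (response) bit clear
        return "malformed"
    if flags & 0x000F == 5:                # RCODE 5 = REFUSED
        return "refused"
    if flags & 0x0080:                     # RA bit: server offers recursion
        return "open-recursion"
    return "reachable"                     # answered, but without recursion

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except (socket.timeout, ConnectionError):
            return "filtered"              # timeout or ICMP port unreachable
    return classify(reply)

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py <server-ip> <name-to-resolve>
    print(probe(sys.argv[1], sys.argv[2]))
```

With the firewall rule in place the expected result from outside is `filtered`; the same probe from a 10.x.x.x host should still get an answer.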



