Date:      Fri, 3 Dec 1999 02:55:39 +0200
From:      d e a t h <charon@hades.hell.gr>
To:        freebsd-questions@freebsd.org
Subject:   Re: Internal vs External DNS (2 nameds)
Message-ID:  <19991203025539.C32201@hades.hell.gr>
In-Reply-To: <19991203024229.C31576@hades.hell.gr>
References:  <19991201225936.B10261@amethyst.hypostasis.com> <19991202123650.C5160@hades.hell.gr> <19991202144429.A86312@kearneys.ca> <19991203024229.C31576@hades.hell.gr>

On Fri, Dec 03, 1999 at 02:42:29AM +0200, d e a t h wrote:
...
> 	zone "0.0.10.IN-ADDR.ARPA" {
> 	        type master;
> 	        file "primary/localnet-rev";
> 	        allow-query { 10.0.0.0/8; 127.0.0.1; };
> 	};
> 
> and you're pretty sure that no queries will be sent to this zone from
> any hosts not listed in allow-query.  A combination of allow-query and
> allow-transfer might make those paranoid of us feel even more `safe'
> and relaxed ;)

Of course, now that I think about it, spoofed queries might get through
this ruleset, but their replies will go to the wrong place anyway. 
Moreover, you can always set ipfw up to block spoofed packets, coming
from the wrong interfaces, etc. etc.

Re: Ciao.

-- 
Giorgos Keramidas, <keramida@ceid.upatras.gr>
"What we have to learn to do, we learn by doing." [Aristotle]
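
The ipfw filtering mentioned in the message above, as an added example that is not part of the original e-mail: it denies packets that claim a source address from the allow-query list (or loopback) but arrive on the external interface. The interface name fxp0, the rule numbers and the function name are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Set IPFW=echo to print the rules instead of loading them.
IPFW="${IPFW:-ipfw}"

# antispoof_rules EXT_IF NET [NET...]
#   EXT_IF  interface facing the untrusted network (assumed name, e.g. fxp0)
#   NET     each network trusted by allow-query, e.g. 10.0.0.0/8
antispoof_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: antispoof_rules ext_if net [net...]" >&2
        return 2
    fi
    ext_if="$1"
    shift
    n=100

    # 127.0.0.1 is in the allow-query list, so loopback addresses
    # must only ever be accepted on lo0 itself.
    $IPFW add "$n" pass all from any to any via lo0
    n=$((n + 100))
    $IPFW add "$n" deny all from any to 127.0.0.0/8
    n=$((n + 100))
    $IPFW add "$n" deny all from 127.0.0.0/8 to any
    n=$((n + 100))

    # A packet whose source lies in a trusted network but which arrives
    # on the external interface has a forged source address: drop and log it
    # before named ever evaluates allow-query.
    for net in "$@"; do
        $IPFW add "$n" deny log all from "$net" to any in via "$ext_if"
        n=$((n + 100))
    done
}

# Typical call for the zone quoted above:
#   antispoof_rules fxp0 10.0.0.0/8
```

These rules need to sit ahead of any rule that passes DNS traffic to the name server, since ipfw stops at the first matching rule.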





