Firewall/Access-List issues
Robert Gahl
bgahl at bawcsa.org
Thu May 17 00:03:07 UTC 2001
I'm running BIND behind CISCO routers at two different sites using
access-lists to prevent unwarranted ports to pass.
I have accurately written (or so I think) the access-list so that zone
transfers can occur. And, in fact, zone transfers from one co-lo to the
other look to work just fine (delete a secondary file, kick bind, zone
transfer replaces the file). I'm currently running 9.1.1 (about to upgrade
to 9.1.2).
Here's the dilemma. While the zone transfers work, and the external world
is having no problem asking me for zone data and getting it, 'dig' is
causing me no end of grief when I try to do a lookup. The odd part is that
what is failing is doing a 'dig' from behind one firewall to behind
another. Doing a dig to the ISP's DNS machine works just fine.
I guess what I'm asking is, what ports does something like dig use,
outbound and inbound? I scanned the archives and while I found data dealing
with serving zone information, I didn't find anything dealing with dig.
Thanks.
===
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at bawcsa.org || !_ \
URL: http://www.bawcsa.org/bgahl/ || (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
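Added example, not from the post or from BIND: a toy loopback exchange that shows the port pattern a dig-style UDP query produces (ephemeral client source port to port 53, reply from 53 back to that ephemeral port), and a simplified first-match ACL evaluator showing why an inbound rule permitting only udp 53 to 53 passes server-to-server traffic yet drops the reply to a client's ephemeral port. The loopback "server" binds a random port in place of 53, and the rule tuples are a constructed simplification of Cisco extended ACL syntax (`eq`/`gt` port matches, implicit deny).

```python
import socket
import struct
import threading

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header, QNAME, QTYPE A, QCLASS IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def dns_exchange(name: str) -> dict:
    """Toy resolver on loopback plus a dig-like client; returns the ports seen."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))           # stands in for port 53 (unprivileged here)
    server_port = server.getsockname()[1]
    seen = {}

    def serve():
        data, client_addr = server.recvfrom(512)
        seen["query_src_port"] = client_addr[1]   # client's ephemeral port
        seen["query_dst_port"] = server_port       # would be 53 in real life
        # Reply is sent back to whatever source port the client used.
        server.sendto(data[:2] + b"\x81\x80" + data[4:], client_addr)

    t = threading.Thread(target=serve)
    t.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    client.sendto(build_query(name), ("127.0.0.1", server_port))  # OS picks the source port
    _, sender = client.recvfrom(512)
    t.join()
    seen["reply_src_port"] = sender[1]                 # 53 in real life
    seen["reply_dst_port"] = client.getsockname()[1]   # the client's ephemeral port
    server.close()
    client.close()
    return seen

def acl_permits(rules, proto, src_port, dst_port) -> bool:
    """First matching rule wins; no match means the implicit deny."""
    def match(m, port):
        return m[0] == "any" or (m[0] == "eq" and port == m[1]) or (m[0] == "gt" and port > m[1])
    for action, p, src, dst in rules:
        if p == proto and match(src, src_port) and match(dst, dst_port):
            return action == "permit"
    return False

# Constructed inbound ACLs (replies arriving from a remote name server).
ACL_53_ONLY = [("permit", "udp", ("eq", 53), ("eq", 53))]        # server-to-server only
ACL_53_TO_HIGH = [("permit", "udp", ("eq", 53), ("gt", 1023))]   # also admits replies to dig
```

Truncated answers make the client retry over TCP, also to destination port 53, so the TCP leg needs its own permit as well.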