tcp/udp, clarification please
Joseph S D Yao
jsdy at center.osis.gov
Wed Oct 10 18:38:00 UTC 2001
On Wed, Oct 10, 2001 at 12:55:51PM -0400, Eoin Miller wrote:
> So someone couldn't do a zone transfer if I left only UDP open, and DNS would
> still work, so this would cut down the functionality that the rest of the
> world does not need, correct? The world needs only the resolving portion; my
> setup is very simple and minimal, the zone transfers happen behind the
> firewall, etc. etc.
If this is what you want to do, then current versions of BIND 8 and 9
give you the capability to selectively allow zone transfers from as
narrow or wide a range as you desire.
DNS would NOT "still work" - at least, not particularly reliably - if
you opened UDP and closed TCP.
Do not seek to pick fruit by cutting the tree's trunk.
Why not have a DNS proxy ['named' can serve as such] on your firewall?
That would be even better than opening a UDP hole through your firewall.
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
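As an added illustration of the two suggestions in the reply (restrict transfers inside BIND, and run `named` on the firewall rather than punching a hole to the inside), here is one way the two `named.conf` files could look. This is not configuration from the original thread or from the poster's setup; the zone name, file paths and all addresses (RFC 5737 documentation ranges) are hypothetical, and the firewall host is shown as a secondary for the zone that also forwards the inside's recursive lookups.

```conf
// ---- named.conf on the internal master (behind the firewall) ----
// Hypothetical example; addresses are RFC 5737 documentation ranges.
options {
    directory "/var/named";
    allow-transfer { none; };          // default-deny zone transfers server-wide
};

zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { 192.0.2.1; };     // only the firewall's named may AXFR
    also-notify { 192.0.2.1; };
};

// ---- named.conf on the firewall host (192.0.2.1), the "DNS proxy" ----
// Serves the zone to the world as a secondary and answers recursive
// queries for the inside, so no port 53 hole is needed to the internal master.
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 192.0.2.0/24; 127.0.0.1; };   // inside clients only
    allow-transfer { none; };          // nobody pulls the zone from here
};

zone "example.com" {
    type slave;
    file "example.com.zone.bak";
    masters { 192.0.2.10; };           // the internal master, hypothetical
};
```

With this layout the firewall itself must accept both UDP and TCP on port 53 from the outside for the secondary to answer reliably, while the only transfer path is the one explicitly listed in `allow-transfer` on the master.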
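The two points in the reply, that zone transfers can be restricted inside BIND rather than by blocking TCP, and that DNS "would NOT still work" over UDP alone, both come down to what the wire protocol requires. The following is an added example, not code from the original thread: it builds DNS queries, parses the header, and decides the transport the way a resolver does. AXFR (type 252) is TCP-only, and any UDP reply with the TC (truncation) bit set is incomplete and must be retried over TCP (RFC 1035), which is exactly what a UDP-only firewall hole silently breaks. The messages are constructed inline; nothing touches the network.

```python
"""Decide which transport a DNS exchange needs, from the wire format alone.

Added example, not from the original mailing-list thread.  Sample
messages are constructed inline; nothing touches the network.
"""
from __future__ import annotations

import struct

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
FLAG_QR = 0x8000                    # response
FLAG_TC = 0x0200                    # TrunCation: answer did not fit in the UDP reply
FLAG_RD = 0x0100                    # recursion desired
QTYPE_A = 1
QTYPE_AXFR = 252                    # full zone transfer; TCP only
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels, RFC 1035 wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: int, ident: int = 0x1234) -> bytes:
    """One-question query with RD set, as a stub resolver would send it."""
    header = HEADER.pack(ident, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode an uncompressed name; compression pointers are rejected."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def parse_message(msg: bytes) -> dict:
    """Header fields plus the first question, if present."""
    if len(msg) < HEADER.size:
        raise ValueError("short DNS header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    info = {"id": ident, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an}
    if qd >= 1:
        name, off = decode_name(msg, HEADER.size)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        info.update(qname=name, qtype=qtype, qclass=qclass)
    return info


def transport_for_query(query: bytes) -> str:
    """AXFR must go over TCP; ordinary lookups start on UDP."""
    q = parse_message(query)
    return "tcp" if q.get("qtype") == QTYPE_AXFR else "udp"


def must_retry_over_tcp(response: bytes) -> bool:
    """A reply with TC=1 is incomplete; the resolver repeats the query on TCP."""
    r = parse_message(response)
    return r["qr"] and r["tc"]


def truncated_reply(query: bytes) -> bytes:
    """Constructed sample: the question echoed back with QR and TC set and no
    answer section, which is what a server returns when the full answer would
    exceed the UDP payload limit."""
    ident, flags, qd, _, _, _ = HEADER.unpack_from(query)
    header = HEADER.pack(ident, flags | FLAG_QR | FLAG_TC, qd, 0, 0, 0)
    return header + query[HEADER.size:]


if __name__ == "__main__":
    a_query = build_query("example.com", QTYPE_A)
    axfr = build_query("example.com", QTYPE_AXFR)
    print("A query transport:    ", transport_for_query(a_query))
    print("AXFR transport:       ", transport_for_query(axfr))
    print("TC reply -> retry TCP:", must_retry_over_tcp(truncated_reply(a_query)))
```

The practical consequence: blocking TCP/53 at the firewall stops AXFR from outsiders, but it also turns every truncated answer (large NS or MX sets, TXT records, DNSSEC-signed responses) into a failed lookup. Restricting transfers belongs in `named.conf`, where `allow-transfer` can name exactly the hosts that may pull the zone, and both UDP and TCP on port 53 should reach the server that answers the world.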