Bind 8.3.1 on win2000 with port mapping
Eivind Olsen
eivind.olsen at ttyl.com
Tue Feb 19 14:27:47 UTC 2002
--On 19 February 2002 06:22 -0800 Chris F <freaknetboy at yahoo.com> wrote:
> 53/tcp is only used for zone transfers.
No it's not. It's also being used if for example the reply for a query
becomes too large.
> Only open 53/tcp to those whom you trust to pull your
> zones.
No - if the nameserver is a public one (serving any domain) you should
leave port 53 - both TCP and UDP - open. You might of course limit who can
do zone transfers if you feel like it, but that should _not_ be done by
just blocking port 53 TCP. It should be done by for example the
allow-transfer statement in named.conf.
--
Talk To You Later
Eivind Olsen
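
Added example, not part of the original post: a named.conf fragment that restricts zone transfers with allow-transfer while port 53 stays open on both TCP and UDP at the firewall. The ACL name, addresses, zone name and file name are placeholders constructed for illustration.

```conf
// Constructed example: every name and address below is a placeholder.
// Port 53/tcp and 53/udp stay open to the world; transfers are limited here.

acl "xfer-peers" {
    192.0.2.53;        // assumed secondary nameserver
    198.51.100.53;     // assumed second secondary
};

options {
    // Default for all zones: refuse zone transfers unless a zone overrides it.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Only the listed secondaries may pull this zone.
    allow-transfer { "xfer-peers"; };
};
```

Ordinary queries over TCP, such as retries after a truncated UDP reply, are still answered with this configuration; only transfer requests from hosts outside the ACL are refused.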