[9.2.3] Resticting ports
Helmut Schneider
jumper99 at gmx.de
Thu Nov 11 12:42:53 UTC 2004
Ketil Froyn wrote:
> On Thu, 2004-11-11 at 09:23, Helmut Schneider wrote:
>
>> query-source address * port 53;
>
> Don't do that. DNS forgery is much easier when you do that, and some
> firewalls will probably block queries originating from port 53 as
> well.
>
> For more information on DNS forgery, read this:
>
> http://cr.yp.to/djbdns/forgery.html
(un)done
Thanks, Helmut
--
Please do not feed my mailbox, Swen still does his job well
More information about the bind-users
mailing list