Does BIND use TCP protocol?

Steve Snyder swsnyder at home.com
Thu Nov 4 23:47:35 UTC 1999


I recently went to one of those Web sites where you can configure a 
Linux ipchains firewall online.  After answering many questions about 
my configuration, it spit out a template on an ipchains ruleset.  The 
rules show the use of both UDP and TCP for DNS traffic (see below).

The name server on my LAN is authoritative only for the nodes on the LAN
and does name resolution via my ISP for all other requests.  My name
server never answers requests from outside my own domain.

I am not asking if the ruleset below is good or even workable.  It is 
just the protocol use I am interested in.

So...  does BIND really use TCP for DNS traffic, and if so, what does 
it use that protocol for?

Thank you.


----- This is the suggested firewall config for DNS:

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -s $NAMESERVER 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER 53 -j ACCEPT

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $NAMESERVER 53 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
             -s $IPADDR $UNPRIVPORTS \
             -d $NAMESERVER 53 -j ACCEPT


*** Steve Snyder ***


