DNS and intranet security

Barry Margolin barmar at bbnplanet.com
Tue Oct 19 21:44:10 UTC 1999


In article <940325713.69111 at manipura.rete039.it>,
Diego <dcima at rete039.it> wrote:
>No, actually I do not have (and don't plan to) a registered domain. I just
>need named to access the internet, and to learn something new.
>BTW could you tell me more precise information about "listen on"? I'm not a
>Bind expert, and I'm not sure about the syntax. And more, if I listen only

options {
  ...
  listen-on { 127.0.0.1; 192.168.10.1; };
}

assuming 192.168.10.1 is the address of your internal interface.

>to my loopback, can I still query root servers and/or forwarders?

Yes.  It will accept responses on any interface, but queries only on the
interfaces with the addresses in the listen-on list.

>One last question (might be out of topic...): I use nmap to check my linux
>security. But when I scan myself (i.e. my own computer) I cannot check the
>validity of my ipchains. I know I should do it from outside, but it's often
>a problem doing that. Any suggestion?

There's a recent thread in the comp.security.unix newsgroup where a guy was
reporting problems with his ipchains configuration, and he mentioned using
an outside web-based service that does a port scan of your system for you.
Search for a thread with "ipchains" in the Subject.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
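One way to audit a named.conf for the listen-on restriction discussed in this reply, as an added example that is not from the original post or from BIND itself: the script parses every listen-on / listen-on-v6 clause (on a constructed config fragment, assumed here) and flags anything that would accept queries beyond loopback and internal (RFC 1918 / ULA) addresses.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample named.conf fragment (not from the original post): the
# first listen-on is the one suggested above; the others are deliberately bad.
SAMPLE_CONF = """
options {
  directory "/var/named";
  listen-on { 127.0.0.1; 192.168.10.1; };   // loopback + internal interface
  listen-on port 5353 { any; };             // wildcard: every interface
  listen-on-v6 { ::1; 2001:db8::1; };       # 2001:db8::/32 is not internal
};
"""

# RFC 1918 and ULA ranges count as "internal"; loopback is checked separately.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

LISTEN_RE = re.compile(r'\b(listen-on(?:-v6)?)\s*(?:port\s+(\d+)\s*)?\{([^}]*)\}')

def parse_listen_on(conf):
    """Return (directive, port, [tokens]) for every listen-on / listen-on-v6 clause."""
    conf = re.sub(r'(//|#)[^\n]*', '', conf)  # drop line comments before matching
    result = []
    for m in LISTEN_RE.finditer(conf):
        directive, port, body = m.group(1), int(m.group(2) or 53), m.group(3)
        result.append((directive, port, [t.strip() for t in body.split(';') if t.strip()]))
    return result

def exposed_listeners(conf):
    """Flag listeners that accept queries beyond loopback and internal interfaces."""
    findings = []
    for directive, port, tokens in parse_listen_on(conf):
        for tok in tokens:
            if tok == "none":
                continue
            if tok == "any":
                findings.append((directive, port, tok, "wildcard listener"))
                continue
            try:
                ip = ip_address(tok)
            except ValueError:  # ACL name or CIDR prefix: needs manual review
                findings.append((directive, port, tok, "unparsed token"))
                continue
            if not (ip.is_loopback or any(ip in n for n in INTERNAL_NETS)):
                findings.append((directive, port, tok, "not loopback or internal"))
    return findings

if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_CONF):
        print("%s port %d: %s (%s)" % f)
```

Run it against a real named.conf by reading the file into `exposed_listeners`; an empty result means named will only accept queries on loopback and internal addresses, which is the configuration described above.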
