Firewalling DNS

Thomas Endo tendo at stamps.com
Tue Jul 11 17:08:02 UTC 2000


Jody,

Generally, what you will need to do is set up the SOA of each zone to name
one of the DNSs on the ISP as primary, and get a second ISP machine as a
secondary to which you can transfer updates.

In this case, it is likely allowed as all you would need to do is configure
the NS records in each zone to omit your machine.

The other DNSs that delegate to you will not name your machine, and so you
can avoid getting general traffic to your machine.

Tom
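The layout Tom describes is usually called a "hidden primary": the real master is reachable only by the ISP's secondaries, and every public record (the SOA MNAME and the NS set) names the ISP's servers instead. The following BIND 9 fragments are an added illustration and are not from the thread; the host names and addresses (ns1/ns2.example-isp.net, 192.0.2.53, 198.51.100.53, 203.0.113.10, the zone example.org) are placeholders, and the option names are standard BIND 9 directives.

```conf
// ---- named.conf (hidden primary) ----
// Added example, not from the list post. Addresses and names are placeholders.

// Only the ISP's secondaries may query us, pull zone transfers, or get NOTIFYs.
acl "isp-secondaries" { 192.0.2.53; 198.51.100.53; };

options {
    directory "/var/named";
    recursion no;                          // authoritative-only box, no resolver service
    allow-query    { "isp-secondaries"; localhost; };
    allow-transfer { "isp-secondaries"; };
    notify explicit;                       // NOTIFY only the hosts listed below,
    also-notify    { 192.0.2.53; 198.51.100.53; };   // not whoever appears in NS records
};

zone "example.org" {
    type master;
    file "example.org.zone";
};

; ---- example.org.zone ----
; SOA MNAME names the ISP's server, and the NS set omits our own machine,
; so nothing in the public data points at the hidden primary.
$TTL 3600
$ORIGIN example.org.
@       IN SOA ns1.example-isp.net. hostmaster.example.org. (
            2000071101 ; serial (YYYYMMDDnn)
            7200       ; refresh
            900        ; retry
            1209600    ; expire
            3600 )     ; negative-cache TTL
        IN NS  ns1.example-isp.net.
        IN NS  ns2.example-isp.net.
        IN A   203.0.113.10
www     IN A   203.0.113.10
```

Two things still have to be true for this to work. The delegation in the parent zone (what the registrar publishes) must also list only the ISP's servers, since that is where the world learns whom to ask. And the firewall in front of the hidden primary must still admit the ISP secondaries on port 53, TCP for AXFR and UDP for their periodic SOA refresh checks; blocking everyone else is then safe because no public record ever names the machine.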

-----Original Message-----
From: Jody Lakin [mailto:jody at NOSPAM.finds.org]
Sent: Tuesday, July 11, 2000 1:58 AM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Firewalling DNS


Hi,

We control a primary DNS which hosts a number of domains with our ISP as
secondary. As DNS is so hackable, we thought we could just block DNS to our
server apart from our ISP. Is this generally acceptable, or do we need
to allow the whole world to our DNS? Any assistance greatly appreciated...


Jody Lakin