udp packets and firewalls

Mark.Andrews at nominum.com
Wed May 31 01:11:17 UTC 2000


> 
> I'm currently working with a customer who has a single Internet
> access point. The customer's firewall allows dns queries from the
> Internet to pass through to an internal nameserver.
> The customer wants to add a second Internet access point and allow
> dns queries to pass through both of the Internet access points. 
> 
> The customer's firewall is a packet filter and allows UDP packets
> to port 53 to pass in either direction (inbound or outbound). Is
> it safe to say that since only UDP packets are being allowed that
> a query which comes in to the internal network through a firewall 
> in Singapore can be replied to by a response which passes outward 
> through a firewall in Tokyo?
> 
> Does the nameserver making the query care if the reply follows the
> same path as the query? It would appear not to matter but I just want 
> to be sure bind doesn't care.
> 
> Thanks.

	That's a routing decision.  BIND just sends the packet from the
	address it received it on.

	Note the firewall should also allow TCP traffic as the fallback
	with large messages is to use TCP.

	Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
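
The TCP fallback mentioned in the reply, as an added example that is not part of the original message and is not BIND's code: a toy responder sets the TC bit when a reply exceeds the classic 512-byte UDP limit, and the requester must then retry over TCP port 53, which a UDP-only packet filter would drop. All function names and the sample records (192.0.2.0/24, example.com) are constructed for illustration.

```python
import struct

UDP_LIMIT = 512    # classic DNS-over-UDP message limit (RFC 1035, no EDNS0)
QR_FLAG = 0x8000   # message is a response
TC_FLAG = 0x0200   # truncated: requester should retry over TCP

def build_query(qname, qtype=1, txid=0x1234):
    """Encode a one-question query (RD set) in wire format."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", qtype, 1))

def a_records(n):
    """Constructed answer section: n A records in 192.0.2.0/24, 16 bytes each."""
    return b"".join(struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 192, 0, 2, i + 1)
                    for i in range(n))

def udp_reply(query, answers, ancount):
    """Toy responder: full answer if it fits in UDP, else header + question with TC set."""
    txid, flags = struct.unpack("!HH", query[:4])
    question = query[12:]
    full = (struct.pack("!HHHHHH", txid, flags | QR_FLAG, 1, ancount, 0, 0)
            + question + answers)
    if len(full) <= UDP_LIMIT:
        return full
    return struct.pack("!HHHHHH", txid, flags | QR_FLAG | TC_FLAG, 1, 0, 0, 0) + question

def needs_tcp_retry(query, response):
    """True when a response matching the query ID has the TC bit set."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    qid, = struct.unpack("!H", query[:2])
    rid, rflags = struct.unpack("!HH", response[:4])
    return rid == qid and bool(rflags & QR_FLAG) and bool(rflags & TC_FLAG)

def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a two-byte length field."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    q = build_query("example.com")
    for n in (2, 40):
        r = udp_reply(q, a_records(n), n)
        print(n, "records:", len(r), "bytes over UDP, TCP retry:", needs_tcp_retry(q, r))
```

With TCP port 53 blocked at either access point, the 40-record case above never completes: the requester sees only the truncated UDP reply.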


