ICMP/ Firewall issue

Igmar Palsenberg maillist at chello.nl
Thu Oct 19 12:50:21 UTC 2000



> The firewall admin should disallow ICMP, but then the DNS server doesn't
> send them. Since you are behind the firewall, the firewall admin has to
> set up the firewall DNS as a slave to fetch these records from your
> system, if that is the corporate policy to publish these addresses. The DNS
> doesn't know or care about the user. The lookup request is not getting past
> the firewall. If you turn on logging on the server serving the address,
> you will see that it never received a request.

Another case of an admin that thinks that blocking ICMP will make things
secure. Well, it won't. Blocking ICMP echo makes sense to me, the rest
doesn't and gets you into trouble sooner or later.



	Igmar




More information about the bind-users mailing list