forwarders

Simon Waters Simon at wretched.demon.co.uk
Mon Aug 20 21:08:54 UTC 2001


David Portabella wrote:
> 
> Yes, I have a firewall.
> I think that DNS uses 53/tcp and 53/udp, so I opened these ports on the
> firewall and redirected them to my server computer.
> 
> is this right?

For queries of the Internet you typically need to allow outgoing
queries to port 53 on the ISP's name server (both UDP and TCP).

If there is no reason for Internet based servers to initiate
contact with your internal DNS servers (i.e. you don't have
zones transferred out or DNS queries for zones hosted on the box)
there is no reason to allow inbound DNS traffic (other than as
is needed for replies to those mentioned in the previous
paragraph).
 
> anyway, I can do an nslookup from my server computer using my ISP DNS server,
> and it works fine.
> 
> maybe I have to open another port?

Nope - I think you should be checking you haven't opened too
many.

Do consider having a second internal DNS server, and a second
forwarder listed in the forwarder options: you have a chain of
DNS queries with two single points of failure in it.

-- 
Are you using the Internet to best effect ? www.eighth-layer.com
Tel: +44(0)1395 232769      ICQ: 116952768
Moderated discussion of teleworking at news:uk.business.telework
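
A BIND options block that puts the advice in this reply into practice, added here as an illustration and not taken from the thread; the addresses are placeholders (an RFC 5737 documentation range for the ISP's two name servers, a private LAN for the internal side).

```conf
options {
    // Listen only on the internal interface: the box answers no queries
    // from the Internet, so nothing needs to reach it on 53/tcp or 53/udp.
    listen-on { 192.168.1.1; };          // placeholder internal address
    allow-query { 192.168.1.0/24; };     // placeholder internal LAN
    allow-recursion { 192.168.1.0/24; }; // recurse only for the LAN
    allow-transfer { none; };            // no zones are transferred out

    // Two forwarders, so losing one ISP resolver does not take name
    // resolution down with it. 192.0.2.53 and 192.0.2.54 stand in for
    // the ISP's name servers.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // Never walk the root servers directly: every outbound DNS packet is
    // then 53/udp or 53/tcp to one of the two forwarders above.
    forward only;
};
```

With `forward only`, the firewall needs only outbound 53/udp and 53/tcp to those two addresses plus the stateful replies; no inbound port 53 rule is required.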

