named error messages in log file, how to fix?

Rich Johnson rajohnson1 at qwest.net
Mon Jun 25 17:12:03 UTC 2001


At 08:58 AM 6/25/01 +0200, you wrote:
>         Actually, I know absolutely nothing of how Linux does firewalling
>or packet filtering, but this would seem to show you blocking an
>*incoming* packet on port 53.  You don't want to do that, either --
>your server will probably be making queries from port 53, and you
>want to be able to receive responses.


The typical firewall (e.g., ipchains for Linux 2.2x) is able to
distinguish between requests and responses, permitting the denial
of incoming requests but allowing the responses from locally
generated requests.

There is no reason to allow the outsider access to your BIND
server unless you absolutely want this.  Even then, the firewall
rules should limit the outsiders to only the other remote DNS
machines in your configuration.


