Internal recursive nameserver access
Ladislav Vobr
lvobr at ies.etisalat.ae
Tue Aug 26 04:12:44 UTC 2003
I posted a question just yesterday about the dig source port and got
many replies; thanks for all of them. I have a question about the access
required for the proper functioning of an internal recursive nameserver. I
have an L3 firewall as the default gateway for this nameserver. I would
like to have the firewall set up as strictly as possible.

1. I have basically allowed on this firewall all internal clients to
query the internal recursive nameserver from any source port to my
destination DNS server port 53.
2. I have allowed the internal recursive nameserver (with source-query
set to particular IP address 1.2.3.4 and port number abcd) to go out on
this source port to any destination with port 53.
3. And for UDP I have allowed replies coming from any source with source
port 53, destined to my DNS server source port abcd.

Is there any better way, supposing you have only an L3 firewall that is
unable to keep track of DNS query IDs and their relations?

What is the best way to use dig from such a nameserver occasionally?

Ladislav
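
The three rules in the post, modelled as a stateless first-match filter and run over sample packets (an added example, not part of the original message). Port 32053 standing in for "abcd", the 10.0.0.0/8 client range and every sample packet are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

RESOLVER = "1.2.3.4"                 # resolver address as given in the post
QUERY_PORT = 32053                   # constructed stand-in for port "abcd"
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal client range

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

# Stateless rules: each packet is judged alone, first match permits.
RULES = [
    ("rule1", lambda p: ip_address(p.src) in INTERNAL
                        and p.dst == RESOLVER and p.dport == 53),
    ("rule2", lambda p: p.src == RESOLVER and p.sport == QUERY_PORT
                        and p.dport == 53),
    ("rule3", lambda p: p.proto == "udp" and p.sport == 53
                        and p.dst == RESOLVER and p.dport == QUERY_PORT),
]

def verdict(pkt: Packet) -> str:
    for name, match in RULES:
        if match(pkt):
            return name
    return "drop"  # implicit default deny

# Constructed sample traffic (documentation address ranges).
SAMPLES = {
    "client query":      Packet("udp", "10.1.2.3", 40000, RESOLVER, 53),
    "resolver query":    Packet("udp", RESOLVER, QUERY_PORT, "198.51.100.7", 53),
    "genuine reply":     Packet("udp", "198.51.100.7", 53, RESOLVER, QUERY_PORT),
    # Never queried, yet identical to a reply as far as the filter can see;
    # only the resolver's own query-ID matching can reject it.
    "unsolicited reply": Packet("udp", "203.0.113.9", 53, RESOLVER, QUERY_PORT),
    "reply, other port": Packet("udp", "203.0.113.9", 53, RESOLVER, 40000),
    # dig on the resolver host picks an ephemeral source port by default.
    "dig from resolver": Packet("udp", RESOLVER, 45000, "198.51.100.7", 53),
}

def evaluate() -> dict:
    return {label: verdict(pkt) for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(f"{label:18} -> {result}")
```

Rule 3 admits the genuine and the unsolicited reply alike, and a dig query leaving from an ephemeral port matches none of the three rules.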