Internal recursive nameserver access

Barry Margolin barry.margolin at level3.com
Wed Aug 27 14:51:25 UTC 2003


In article <bihclc$2l0e$1 at sf1.isc.org>,
Ladislav Vobr  <lvobr at ies.etisalat.ae> wrote:
>Many people replied, but nobody said what to do in the condition I have,
>which I believe are not rare at all. Even in the reference Jim has
>mentioned "Building Internet Firewalls, second edition, Chapter 20 -
>DNS" there is nothing about query-source option of bind, or fw states of
>DNS UDP traffic, it generally says source port random, deal with it.

How recent is that book?  The query-source option didn't show up until BIND
8, and even if the book postdates this, the authors may not be expert
enough in DNS configuration to know about it.

Anyway, if you need to do digs, the solution until you can convince your
security people to update the firewall configuration seems to be to do them
from outside the firewall.  There are some web sites that you can go to
that will perform DNS queries on your behalf (try samspade.org and
dnsstuff.com).

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

