Blocking TCP
Barry Margolin
barmar at genuity.net
Tue Nov 6 18:02:38 UTC 2001
In article <9s98fd$n8f at pub3.rc.vix.com>, Tilo Lutz <TiloLutz at gmx.de> wrote:
>I'm using bind9
>I've read in a Firewall book TCP is only used to do
>zone transfers.

The book is not precise. Ordinary DNS queries can use TCP, but they
usually don't.

>So I only allow the secondary DNS to do zone transfers.
>But since that many requests via TCP are blocked by my
>firewall.
>Is it OK blocking these requests or is it "unhealthy"?

You should allow them.

If you want to limit who can do zone transfers, use the allow-transfer
option in named.conf.

--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
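
The setup recommended in the reply above, as an added example that is not part of the original post: TCP port 53 stays open at the firewall for ordinary queries, and named itself decides who may transfer zones. The ACL name, the address 192.0.2.53, the zone name and the file paths are constructed placeholders.

```conf
// named.conf fragment (constructed example, BIND 9 syntax)

// Hosts that are allowed to request zone transfers (AXFR/IXFR).
// 192.0.2.53 stands in for the secondary's real address.
acl "xfer-secondaries" {
    192.0.2.53;
};

options {
    directory "/var/named";

    // Server-wide default: only the listed secondaries may transfer.
    // When allow-transfer is not set anywhere, BIND permits transfers
    // from any host, so set it explicitly.
    allow-transfer { "xfer-secondaries"; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // A per-zone setting overrides the one in options. Repeating it
    // here keeps the restriction even if the global default changes.
    allow-transfer { "xfer-secondaries"; };
};

zone "internal.example.com" {
    type master;
    file "internal.example.com.zone";

    // A zone with no secondaries: refuse all transfer requests.
    allow-transfer { none; };
};
```

With this in place the firewall rule only needs to pass both UDP and TCP to port 53; a transfer request from any other host still reaches named over TCP but is refused and logged there.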