Date:      Mon, 22 Apr 2002 06:41:36 -0700
From:      Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        mlobo@ear.com.br
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: DNS Question 
Message-ID:  <200204221341.g3MDfajj083200@cwsys.cwsent.com>
In-Reply-To: Message from "Mario Lobo" <Mlobo@ear.com.br>  of "Mon, 22 Apr 2002 07:57:08 -0300." <3CC3C250.28097.2D5EA4@localhost> 

In message <3CC3C250.28097.2D5EA4@localhost>, "Mario Lobo" writes:
> Hi; 
> 
> I have a DNS (named) server running on a FreeBSD 4.4 box firewall. 
> 
> ipfw allows queries to ports 53 and 1024 from any IP inside the private 
> network (internal interface) and only certain ISP IPs on the external
> interface. 
> 
> I need to open those ports to any IP on the external interface. 
> 
> Are there any security concerns I should have if I do this? The only
> services I have running are ssh (restricted to specific IPs) and squid
> (local only). 

Personally, I would run the DNS in a jail or chrooted, e.g.

  TZ=PST8PDT exec $NAMED -c $NAMED_CONF -u $NAMED_UID -g $NAMED_GID -t $NAMED_CHROOT


Cheers,                          Phone:  250-387-8437
Cy Schubert                        Fax:  250-387-5766
Team Leader, Sun/Alpha Team      Email:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, CITS
Ministry of Management Services
Province of BC            
                    FreeBSD UNIX:  cy@FreeBSD.org
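The chroot invocation in the reply above only works if a directory tree already exists under $NAMED_CHROOT, because named re-roots into it before it opens its config, pid file and zone files. The following POSIX sh is an added example, not part of the original message: it builds that minimal tree and composes the exec line. The paths, the bind UID/GID and the tiny named.conf are assumptions; the flags are the ones the reply quotes. Device nodes (/dev/null and the random device) and chown of the writable directory need root and are left out.

```shell
#!/bin/sh
# Assumed defaults; override through the environment.
NAMED=${NAMED:-/usr/sbin/named}
NAMED_UID=${NAMED_UID:-bind}
NAMED_GID=${NAMED_GID:-bind}
NAMED_CHROOT=${NAMED_CHROOT:-/var/named}
# Config path as seen from INSIDE the chroot (named resolves it after -t).
NAMED_CONF=${NAMED_CONF:-/etc/namedb/named.conf}

# Create the skeleton named needs once it has chrooted and dropped to
# the unprivileged UID/GID.  Takes the chroot root as its only argument.
build_named_chroot() {
    root=$1
    for d in etc/namedb dev var/run; do
        mkdir -p "$root/$d" || return 1
    done
    # Constructed minimal config; every path in it is relative to the new root.
    cat > "$root/etc/namedb/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
};
EOF
    # Keep everything read-only for the named user except the pid directory.
    chmod 755 "$root" "$root/etc" "$root/etc/namedb" "$root/dev" || return 1
    chmod 775 "$root/var/run" || return 1
    # Root would still have to: mknod "$root/dev/null" c 2 2 and
    # chown "$NAMED_UID:$NAMED_GID" "$root/var/run" before starting named.
    return 0
}

# Compose the exec line from the reply; -c must be an absolute path
# because named opens it relative to NAMED_CHROOT after re-rooting.
named_cmdline() {
    printf '%s -c %s -u %s -g %s -t %s\n' \
        "$NAMED" "$NAMED_CONF" "$NAMED_UID" "$NAMED_GID" "$NAMED_CHROOT"
}

# Sanity check before starting: the config and the runtime directories must
# exist under the chroot, or named will die right after chroot(2).
check_named_chroot() {
    root=$1
    [ -f "$root$NAMED_CONF" ] && [ -d "$root/var/run" ] && [ -d "$root/dev" ]
}
```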



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200204221341.g3MDfajj083200>