Date:      Mon, 22 Apr 2002 06:24:01 -0500
From:      Len Conrad <LConrad@Go2France.com>
To:        freebsd-security@freebsd.org
Subject:   Re: DNS Question
Message-ID:  <5.1.0.14.2.20020422062026.05613ec0@mail.Go2France.com>
In-Reply-To: <3CC3C250.28097.2D5EA4@localhost>


>ipfw allows queries to ports 53 and 1024 from any IP inside the private
>network (internal interface) and only certain ISP IPs on the external
>interface.

53 udp/tcp is all you need on ingress, plus ssh.

On egress, bind will query via udp/tcp on port > 1023.

>I need to open those ports to any IP on the external interface.

>Are there any security concerns I should have if I do this?

Run the latest version of bind, and check for known compromises in it on 
the isc.org site.

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
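
The policy described in the reply above, written out as an ipfw rule file. This is an added example, not part of the original message: the interface name, the rule numbers and the use of dynamic (`keep-state`) rules for return traffic are assumptions, and rules for the internal interface are left out.

```sh
#!/bin/sh
# Added example: print an ipfw rule file for a host running BIND.
# Assumed, not from the original message: interface name, rule
# numbers, and keep-state for matching return traffic.
#
# Rule intent:
#   100      loopback traffic
#   200      match packets belonging to existing dynamic rules
#   300-310  ingress DNS queries (udp/tcp 53) from any address
#   320      ingress ssh
#   400-410  egress queries from BIND, source port > 1023
#   65000    log and drop everything else on the external interface

dns_ruleset() {
    ext_if="$1"
    # Accept only a plain interface name so nothing else can end up
    # in the generated rules.
    case "$ext_if" in
        ''|*[!A-Za-z0-9_]*)
            echo "usage: dns_ruleset <external-interface>" >&2
            return 1
            ;;
    esac
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow udp from any to me 53 in via $ext_if keep-state
add 310 allow tcp from any to me 53 in via $ext_if setup keep-state
add 320 allow tcp from any to me 22 in via $ext_if setup keep-state
add 400 allow udp from me 1024-65535 to any 53 out via $ext_if keep-state
add 410 allow tcp from me 1024-65535 to any 53 out via $ext_if setup keep-state
add 65000 deny log ip from any to any via $ext_if
EOF
}
```

Redirect the output of `dns_ruleset fxp0` to a file and run `ipfw -n` on that file to syntax-check it before loading.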

