From owner-freebsd-security Mon Apr 22 13:51:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 7173C37B715 for ; Mon, 22 Apr 2002 13:49:45 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 002E516B22 for ; Mon, 22 Apr 2002 13:24:03 +0200 (CEST) Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A800C990142; Mon, 22 Apr 2002 13:46:08 +0200 Message-Id: <5.1.0.14.2.20020422062026.05613ec0@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Apr 2002 06:24:01 -0500 To: freebsd-security@freebsd.org From: Len Conrad Subject: Re: DNS Question In-Reply-To: <3CC3C250.28097.2D5EA4@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >ipfw allows queries to ports 53 and 1024 from any IP inside the private >network (internal interface) and only certain ISP IPs on the external >interface. 53 udp/tcp is all you need on ingress, plus ssh. On egress, bind will query via udp/tcp on port > 1023. > I need to open those ports to any IP on the external interface. >Is there any security concerns I should have if I do this ? Run the latest version of bind, and check for known compromises in it on the isc.org site. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message