From owner-freebsd-questions Thu Dec 2 16:55:59 1999 Delivered-To: freebsd-questions@freebsd.org Received: from athserv.otenet.gr (athserv.otenet.gr [195.170.0.1]) by hub.freebsd.org (Postfix) with ESMTP id A78C314D47 for ; Thu, 2 Dec 1999 16:55:52 -0800 (PST) (envelope-from keramida@diogenis.ceid.upatras.gr) Received: from localhost.hell.gr (patr530-a066.otenet.gr [195.167.115.66]) by athserv.otenet.gr (8.9.3/8.9.3) with SMTP id CAA24813 for ; Fri, 3 Dec 1999 02:55:36 +0200 (EET) Received: (qmail 32263 invoked by uid 1001); 3 Dec 1999 00:55:39 -0000 Date: Fri, 3 Dec 1999 02:55:39 +0200 From: d e a t h To: freebsd-questions@freebsd.org Subject: Re: Internal vs External DNS (2 nameds) Message-ID: <19991203025539.C32201@hades.hell.gr> Reply-To: keramida@ceid.upatras.gr References: <19991201225936.B10261@amethyst.hypostasis.com> <19991202123650.C5160@hades.hell.gr> <19991202144429.A86312@kearneys.ca> <19991203024229.C31576@hades.hell.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <19991203024229.C31576@hades.hell.gr> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Dec 03, 1999 at 02:42:29AM +0200, d e a t h wrote: ... > zone "0.0.10.IN-ADDR.ARPA" { > type master; > file "primary/localnet-rev"; > allow-query { 10.0.0.0/8; 127.0.0.1; }; > }; > > and you're pretty sure that no queries will be sent to this zone from > any hosts not listed in allow-query. A combination of allow-query and > allow-transfer might make those paranoid of us feel even more `safe' > and relaxed ;) Of course, now that I think about it, spoofed queries might get through this ruleset, but their replies will go to the wrong place anyway. Moreover, you can always set ipfw up to block spoofed packets, coming from the wrong interfaces, etc. etc. Re: Ciao. -- Giorgos Keramidas, "What we have to learn to do, we learn by doing." [Aristotle] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message