Date: Fri, 24 Mar 2000 01:35:02 +0200
From: Giorgos Keramidas
To: J A Shamsi
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: DNS and FIREWALL

On Thu, Mar 23, 2000 at 09:55:41AM -0800, J A Shamsi wrote:
> Hello I am trying to configure DNS on a machine protected by firewall.
> I have named 8.xx do I need to use port 53 specifically.

Yes, you have to allow explicitly at least udp/53 for client queries.
Now, if your named has some secondary zones from other servers, or some
server outside the firewall is playing backup server for your zones, you
might also find it useful to allow tcp/53 through.

Being selective on who gets allowed to connect to port tcp/53 is not a
bad thing. For instance if you just want your named to play secondary
for some zone, no need to allow incoming tcp/53 connections.
You can make your named use a non-privileged ephemeral port for queries,
and allow only outgoing connections to tcp/53.

But most of this depends on your named's setup. You might have already
had a look, but is always a nice place to start looking for more
information ;)

- Giorgos Keramidas
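
The policy described in this message, written out as ipfw rules. This is an added example, not part of the original message, which does not name the firewall in use. It assumes FreeBSD's ipfw and a named that sends its queries from an unprivileged port; the rule numbers, the helper names and the secondary's address 192.0.2.53 are constructed.

```shell
#!/bin/sh
# Dry run by default: the commands are printed, not executed.
# To load them on the name server, run as root with IPFW="ipfw -q".
IPFW=${IPFW:-"echo ipfw -q"}

# Emit one rule and advance the rule number (numbers are constructed).
rule() {
    $IPFW add "$n" "$@"
    n=$((n + 10))
}

# dns_rules [secondary_ip ...]
# Arguments: servers that act as secondaries for our zones and may
# therefore open tcp/53 to us for zone transfers.
dns_rules() {
    n=1000
    rule check-state

    # Client queries: udp/53 in, answers back out from port 53.
    rule allow udp from any to me 53 in
    rule allow udp from me 53 to any out

    # Our own queries leave from an unprivileged port (assumes named is
    # not pinned to source port 53; see BIND's query-source option).
    rule allow udp from me 1024-65535 to any 53 out keep-state

    # Zone transfers we pull as a secondary: outgoing tcp/53 only.
    rule allow tcp from me 1024-65535 to any 53 out setup keep-state

    # Zone transfers others pull from us: only the listed secondaries.
    for sec in "$@"; do
        rule allow tcp from "$sec" to me 53 in setup keep-state
    done

    # Everyone else is refused on tcp/53, and the attempt is logged.
    rule deny log tcp from any to me 53 in
}

# Constructed example address from the 192.0.2.0/24 documentation range.
dns_rules 192.0.2.53
```

Called with no arguments, `dns_rules` emits no inbound tcp/53 allow rule at all, which is the "secondary only" case from the message.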