From: "Jim Flowers"
To: Mario Lobo
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: DNS Question
Date: Mon, 22 Apr 2002 11:45:06 -0400
Message-Id: <20020422114506.M42132@ezo.net>
In-Reply-To: <20020422100301.A46936@cowbert.2y.net>

You don't say what version but assuming 8.x.x there are a number of options
to help. Read Chapter 10 of the DNS & BIND book. Particularly, you can
configure your DNS to be useful as a resolver to only your trusted addresses
with option allow-query {trusted-addresses;} while at the same time allowing
everyone access to your authoritative zones with an allow-query {any;} entry
in each of your authoritative zone files.

> On Mon, Apr 22, 2002 at 07:57:08AM -0300, Mario Lobo wrote:
> > Hi;
> >
> > I have a DNS (named) server running on a FreeBSD 4.4 box firewall.
> >

--
Jim Flowers
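
The split described in the message above, written out as a named.conf fragment. This is an added example, not part of the original message; the acl name "trusted", the address ranges, the zone name example.com, the directory and the file names are all assumptions.

```conf
// Constructed example for a BIND 8.x named.conf.
// Every name, path and address below is a placeholder.

// Hosts allowed to use this server as a general-purpose resolver.
acl trusted {
    127.0.0.1;
    192.0.2.0/24;        // internal network (placeholder range)
};

options {
    directory "/etc/namedb";     // assumed location of the zone files

    // Global default: only trusted clients get answers. This covers
    // every lookup that is not for a zone overriding it below, so
    // outside hosts cannot use the server as a resolver.
    allow-query { trusted; };
};

// Authoritative zone: override the global default so that anyone
// can look up names in it.
zone "example.com" {
    type master;
    file "example.com.db";
    allow-query { any; };
};

// Root hints: no override, so the trusted-only default applies.
zone "." {
    type hint;
    file "named.root";
};
```

To check the result, run dig against the server from an address outside the trusted acl: a name in example.com should be answered, and a name in any other domain should not.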