[CentOS] Bind Firewall Rules
nate
centos at linuxpowered.net
Wed Jul 23 17:07:53 UTC 2008
Paul A wrote:
> Correct me if I'm wrong but from my understanding doesn't the new BIND
> randomize outgoing source ports only? - If so then if you have your firewall
> to allow established connections you should be all set.

That's a good point, just tested it out on my firewall, removed the port 53 option from named.conf and restarted BIND and can still query it internally and externally for its authoritative domains. Perhaps my firewall is just less strict than it used to be (migrated from FreeBSD to OpenBSD about a year ago). I don't recall what the ruleset used to look like. I do recall having to enable that option years ago else I couldn't query through the firewall.

Still I think caching name servers should be more protected whenever possible, as this "fix" isn't really a fix, it just makes it a bit harder to determine what the id is.

nate
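The "port 53 option" in named.conf discussed above pins the port BIND sends its outgoing queries from, so source port randomization has no effect while it is set. As an added example (not part of the original message), this Python sketch flags such `query-source` statements in a configuration; the sample named.conf text is constructed and the function name is hypothetical.

```python
import re

# Constructed sample named.conf text, for illustration only.
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source address * port 53;   (commented out, ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
    /* query-source port 5353; */
};
"""

# named.conf accepts C-style, C++-style and shell-style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# A query-source or query-source-v6 statement, up to its terminating ';'.
_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
_PORT = re.compile(r"\bport\s+(\S+)")


def find_pinned_query_ports(conf_text):
    """Return (option, port) pairs where the outgoing query port is fixed.

    'port *' or no port clause leaves BIND free to pick the source port,
    so only statements with a numeric port are reported.
    """
    text = _COMMENTS.sub("", conf_text)
    pinned = []
    for option, body in _QUERY_SOURCE.findall(text):
        match = _PORT.search(body)
        if match and match.group(1).isdigit():
            pinned.append((option, int(match.group(1))))
    return pinned


if __name__ == "__main__":
    for option, port in find_pinned_query_ports(SAMPLE_CONF):
        print(f"{option}: outgoing queries pinned to port {port}")
```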