[CentOS] Primary DNS server with BIND on a public machine running CentOS 7
Chris Adams
linux at cmadams.net
Tue Apr 11 18:05:48 UTC 2017
- Previous message: [CentOS] Primary DNS server with BIND on a public machine running CentOS 7
- Next message: [CentOS] connection state tracking with DNS [was Primary DNS...]
One additional DNS server note: you should disable firewalld for any DNS server, caching or authoritative. If you need firewalling, use straight iptables.

The reason is that firewalld always enables connection state tracking (at least as far as I can tell), and that should never be used in front of a DNS server. A public authoritative server or any caching server can get a high rate of requests, and having the kernel firewalling trying to track connection states is a bottleneck (one that will be reached before DNS software's limits).

If you must firewall a DNS server, use straight iptables and do not use connection state tracking.

--
Chris Adams <linux at cmadams.net>
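An added example, not part of the original message: a shell audit that reads an `iptables-save` dump and reports any state-matching rule, plus any port 53 direction that is not exempted from tracking in the `raw` table. The `-j CT --notrack` exemption, the finding labels, the function names and both sample dumps are assumptions of this example; the message itself only says to avoid connection state tracking.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for connection tracking on the
# DNS path. Finding labels and function names are this example's own.

# Reads a dump on stdin; prints one finding per line, nothing if clean.
audit_dns_conntrack() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        # A state/conntrack match forces the kernel to track connections.
        /-m (state|conntrack) / { print "STATEFUL_RULE: " $0 }
        # Raw-table exemptions: queries in (PREROUTING, dport 53) and
        # replies out (OUTPUT, sport 53), for UDP and TCP.
        table == "raw" && /-j (CT --notrack|NOTRACK)/ {
            proto = ($0 ~ /-p udp /) ? "udp" : "tcp"
            if ($0 ~ /^-A PREROUTING .*--dport 53( |$)/) seen[proto "_in"] = 1
            if ($0 ~ /^-A OUTPUT .*--sport 53( |$)/) seen[proto "_out"] = 1
        }
        END {
            n = split("udp_in udp_out tcp_in tcp_out", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print "NO_NOTRACK: " want[i]
        }'
}

# Constructed sample: state-matching rules in front of port 53.
stateful_dump() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample: port 53 exempted in the raw table, no state matches.
stateless_dump() { cat <<'EOF'
*raw
-A PREROUTING -p udp -m udp --dport 53 -j CT --notrack
-A PREROUTING -p tcp -m tcp --dport 53 -j CT --notrack
-A OUTPUT -p udp -m udp --sport 53 -j CT --notrack
-A OUTPUT -p tcp -m tcp --sport 53 -j CT --notrack
COMMIT
*filter
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

stateful_dump | audit_dns_conntrack
```

On a live host the same function can be fed the real ruleset with `iptables-save | audit_dns_conntrack`; the direction checks assume a server answering queries on port 53, so a caching resolver's own outbound lookups would need the mirrored rules.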