[Dshield] Help: DNS (53)
DavidHart at TQMcube.com
Thu Jan 1 16:10:35 GMT 2004
On Thu, 2004-01-01 at 08:43, Tod D. Ihde wrote:
Thanks. Your reply is extremely helpful!
> Look into DJBDNS, your bandwidth, memory, diskspace, and response times
> will all improve. (I plug it when I can, I'm a big fan).
That's been a todo for a while now. It's funny: the kernel, Apache,
Postfix and other key apps are custom installed from source. When it
comes to DNS, I become an RPM-addicted nitwit because I don't know what
I don't know.
> You need to accept UDP to 53 from any in-bailiwick (
> "authoritative") server. For example, if your server is looking up dns
> info for dshield.org, it must accept UDP packets from dshield.org.
OK. Then there is no applicable (IPTables) firewall rule other than
> Allowing ALL incoming packets FROM udp port 53 means that ANY UDP
> datagram can get through your firewall, as long as the source port is
> 53. Probably not what you intended.
That makes abundant sense. Presumably then, I want to limit to DPT >
32000 and < ???? Any suggestions?
Quality Management - A Commitment to Excellence
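An added illustration of the point made in the quoted reply (not from the thread or either poster): the permissive source-port-53 rule beside a stateful replacement that only admits replies to queries this host sent. It assumes the host is a resolver that only sends queries (an authoritative server additionally needs inbound UDP to destination port 53), an ephemeral port range of 32768-61000, and iptables with the state match; IPT defaults to "echo iptables" so the script only prints the commands.

```shell
#!/bin/sh
# Added example, not code from the list or its posters.
# IPT defaults to echoing the commands; run as root with IPT=iptables to
# apply them.
IPT="${IPT:-echo iptables}"

# Assumed ephemeral client-port range used for outgoing queries; check the
# real one on the host with: sysctl net.ipv4.ip_local_port_range
EPHEMERAL_LO=32768
EPHEMERAL_HI=61000

# Weak rule from the thread: any UDP datagram whose source port is 53 is
# accepted, whatever its destination port, so a datagram with a forged
# source port reaches every UDP service on the host.
weak_rules() {
    $IPT -A INPUT -p udp --sport 53 -j ACCEPT
}

# Hardened rules: let the resolver's queries out, then accept UDP back only
# when conntrack has seen the matching outbound query (ESTABLISHED) and the
# destination port is in the ephemeral range. All other inbound UDP drops.
hardened_rules() {
    $IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p udp --sport 53 --dport "$EPHEMERAL_LO:$EPHEMERAL_HI" \
        -m state --state ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p udp -j DROP
}

# Print both rule sets side by side when run directly.
if [ "${1:-}" = "show" ]; then
    echo "# weak:";     weak_rules
    echo "# hardened:"; hardened_rules
fi
```

Run it with the argument `show` to see both rule sets; the hardened set answers the "DPT > 32000 and < ????" question with the host's actual ephemeral range rather than a guess.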