On Wednesday 18 August 2010 17:42, Ulrich David wrote:
> Hi,
>
> I'm using Bind as a cache (absolutely not authoritative) DNS for a public
> network. I have put a firewall in place in order to refuse incoming packets
> from people not on my network.
>
> This traffic came from other DNS servers in the world. As it's UDP, I think
> of UDP queries going from my cache server to other DNS servers, and I catch
> their UDP responses in the firewall. Is it possible?
>
> So should I open my firewall for UDP on port 53 for all the world?
It would really depend on how you have your firewall set up. You should have it set up to do STATEFUL inspection and allow ESTABLISHED,RELATED connections inbound; that way your responses are allowed through. Also ensure that connection tracking is turned on. A simple firewall could be:

  # eth0 = Internet, eth1 = LAN
  # --dport only works together with a protocol match (-p udp / -p tcp),
  # so the NEW rule is written once per protocol.
  iptables -A FORWARD -i eth1 -p udp --dport 53 -m state --state NEW -j ACCEPT
  iptables -A FORWARD -i eth1 -p tcp --dport 53 -m state --state NEW -j ACCEPT
  # Replies to tracked queries come back as ESTABLISHED (ICMP errors as RELATED)
  iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

The reason I use just the port is so that both TCP and UDP are captured. But not knowing your setup it is hard to give you a complete answer.

--
Regards
Robert

Linux The adventure of a life time.
Linux User #296285 Get Counted http://counter.li.org/

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
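The following is an added worked example, not part of Robert's reply or of any ISC-provided configuration. It turns the same idea (stateful tracking instead of opening UDP 53 to the whole Internet) into a complete ruleset for the case where the firewall runs on the resolver host itself, so it uses the INPUT and OUTPUT chains rather than FORWARD. It assumes the same interface roles as the reply (eth1 = LAN, eth0 = Internet), uses the `-m conntrack --ctstate` match (the current form of `-m state --state`), and by default only prints the rules so they can be reviewed before being applied; set `IPT=iptables` to apply them for real.

```shell
#!/bin/sh
# Added example (not the original poster's rules): stateful iptables ruleset
# for a host running a caching-only resolver. Assumed interfaces: eth1 faces
# the LAN clients, eth0 faces the Internet. IPT defaults to "echo iptables",
# a dry run that prints each command; set IPT=iptables to apply the rules.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

resolver_rules() {
    # Default deny on the host's own chains; every allow below is explicit.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to queries the resolver sent upstream are known to conntrack and
    # return as ESTABLISHED (ICMP errors about them as RELATED). This one rule
    # admits them, so port 53 is never opened to the Internet for NEW packets.
    $IPT -A INPUT -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # --dport requires a protocol match, so DNS gets one rule each for UDP and
    # TCP (clients retry over TCP when a UDP answer is truncated).
    for proto in udp tcp; do
        # LAN clients may open new queries to the resolver.
        $IPT -A INPUT -i "$LAN_IF" -p "$proto" --dport 53 -m conntrack --ctstate NEW -j ACCEPT
        # The resolver may open new queries to upstream servers.
        $IPT -A OUTPUT -o "$WAN_IF" -p "$proto" --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    done

    # Anything from the Internet that is not a reply to our own query is logged
    # (rate limited) and then dropped by the INPUT policy.
    $IPT -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "DNS-unsolicited: "
}

# Number of commands the ruleset consists of (11); handy to check a dry run.
rule_count() {
    resolver_rules | wc -l | tr -d ' '
}

resolver_rules
```

Run it once without `IPT` set to read the generated commands, then with `IPT=iptables` as root to load them. Because the only rule accepting traffic from eth0 is the ESTABLISHED,RELATED one, a packet that arrives on UDP 53 without a matching outbound query in the conntrack table is logged with the `DNS-unsolicited:` prefix and dropped; `iptables -L INPUT -v -n` shows the counters, and the log lines are the cheapest way to confirm the firewall is doing what the reply describes. Any other outbound service the host needs (NTP, package updates) gets its own explicit OUTPUT rule in the same style.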