* James Miller ([EMAIL PROTECTED]) wrote:
>
>
> If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
> want to only allow TCP queries from your backup (secondary,
> trinary..etc.) dns servers (on the outside of your firewall) and limit
> everyone else to UDP queries. And for your bind9 config something like
> this:

It is not a good idea to block TCP packets to your DNS server, since TCP is not only used for zone transfer; it is also used when answering a DNS query with a response that does not fit in a normal UDP datagram.
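
An added example, not part of the original message: a Python sketch of the UDP-to-TCP fallback the reply describes, showing what a resolver sees when the server sets the TC (truncated) bit and TCP port 53 is filtered. The transports are stand-in callables and the name `big.example.test` and all packets are constructed for illustration.

```python
import struct

TC_FLAG = 0x0200  # TC (truncated) bit in the DNS header flags word, RFC 1035

def build_query(name, qtype=16, txid=0x1234):
    """Build a minimal DNS query with RD set (qtype 16 = TXT, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the server set TC: the answer did not fit in the datagram."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", message[2:4])
    return bool(flags & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with its length as 2 bytes."""
    return struct.pack("!H", len(message)) + message

def resolve(query, udp_send, tcp_send):
    """Ask over UDP, retry over TCP when TC is set.
    udp_send/tcp_send are hypothetical stand-in transports; tcp_send
    returns None when a firewall drops TCP/53."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    framed = tcp_send(frame_for_tcp(query))
    if framed is None:
        return "failed", None  # truncated over UDP and no way to get the rest
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

# Constructed sample traffic: a server whose answer is too big for UDP.
QUERY = build_query("big.example.test")
UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUERY[12:]
# 900 zero bytes stand in for the large answer records.
TCP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:] + b"\x00" * 900

fake_udp = lambda _query: UDP_REPLY                  # always answers with TC set
fake_tcp = lambda _framed: frame_for_tcp(TCP_REPLY)  # TCP/53 reachable
blocked_tcp = lambda _framed: None                   # TCP/53 filtered

if __name__ == "__main__":
    print(resolve(QUERY, fake_udp, fake_tcp)[0])
    print(resolve(QUERY, fake_udp, blocked_tcp)[0])
```
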