On Wed, 28 Jan 2004, James Miller wrote:
> If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
> want to only allow TCP queries from your backup (secondary,
> trinary..etc.) dns servers (on the outside of your firewall) and limit
> everyone else to UDP queries.

I am no BIND expert, but please do not block TCP 53 unless you want to drop about 20% (might be another percentage at your site) of all valid lookups too! There is a long-standing myth that DNS traffic is UDP only (excepting zone transfers). THIS IS NOT TRUE.

I am sorry, I can't help you with the BIND-specific stuff.

Grx HdV
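
Added example, not part of the original message: the mechanism behind the reply's point is the TC (truncated) bit in the DNS header (RFC 1035), which tells a resolver to repeat an ordinary lookup over TCP. The transports and 12-byte sample headers below are constructed stand-ins (assumptions), not real network calls.

```python
import struct

TC_BIT = 0x0200  # "truncated" flag in the DNS header flags word (RFC 1035, 4.1.1)

def build_response(txid, truncated, answers=0):
    """Constructed sample: a bare 12-byte DNS response header, no body."""
    flags = 0x8180 | (TC_BIT if truncated else 0)  # QR=1, RD=1, RA=1
    return struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 0)

def is_truncated(message):
    """True when the server could not fit the answer in the UDP reply."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    (flags,) = struct.unpack_from("!H", message, 2)
    return bool(flags & TC_BIT)

def answer_count(message):
    return struct.unpack_from("!H", message, 6)[0]

def lookup(udp_send, tcp_send, query):
    """Resolver logic: ask over UDP, repeat over TCP if the reply is truncated."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    return "tcp", tcp_send(query)  # raises if the firewall drops TCP/53

# Constructed transports standing in for the network path through the firewall.
def udp_small(query):
    return build_response(0x1234, truncated=False, answers=1)

def udp_large(query):
    return build_response(0x1234, truncated=True)

def tcp_open(query):
    return build_response(0x1234, truncated=False, answers=30)

def tcp_blocked(query):
    raise TimeoutError("TCP/53 dropped by firewall")

def outcome(udp_send, tcp_send):
    try:
        transport, reply = lookup(udp_send, tcp_send, b"")
        return f"{transport}:{answer_count(reply)} answers"
    except TimeoutError:
        return "lookup failed"

if __name__ == "__main__":
    print(outcome(udp_small, tcp_blocked))  # small answers never need TCP
    print(outcome(udp_large, tcp_open))     # large answer retried over TCP
    print(outcome(udp_large, tcp_blocked))  # valid lookup lost to the TCP block
```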