On Wed, Mar 14, 2001 at 10:22:32AM -0500, Peter Brezny wrote:
> Bill,
> I do have a list? ... Which list is that?
>
> I think the light bulb is beginning to glow, dimly but still glow. I guess I
> only have to allow the root servers access? Is that what you mean?
Typically you would want to allow queries from any addresses and zone
transfers from secondary nameservers or from the primary nameservers
that any of your servers secondary off of.
> However I am still wondering why the firewall rules I have below aren't
> allowing transfers, I do have an allow rule for established traffic, just
> well above the rules below.
>
> $fwcmd add allow tcp from any to any established
>
> shouldn't this ruleset allow any DNS server to perform a transfer?
A zone transfer, yes. That may or may not be what you want (but
it can be controlled with named.conf as well if you just want simple
ipfw rules).
--
Bill Fumerola - security yahoo / Yahoo! inc.
- [EMAIL PROTECTED] / [EMAIL PROTECTED]
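
Added example, not part of the original message: a named.conf fragment that answers queries from any address but limits zone transfers to named secondaries, so the ipfw rules can stay simple. The zone names, file names, directory and addresses (documentation ranges) are constructed placeholders.

```conf
// Constructed example: addresses, zone names and file names are placeholders.

// Secondary nameservers that are allowed to pull zones from this server.
acl "secondaries" {
    192.0.2.53;
    198.51.100.53;
};

options {
    directory "/etc/namedb";        // assumed path, adjust to your install

    // Ordinary lookups: answer anyone, as suggested in the reply above.
    allow-query { any; };

    // Zone transfers (AXFR over TCP port 53): refuse by default, so a
    // firewall that passes TCP 53 from any source does not by itself
    // hand out full zone contents.
    allow-transfer { none; };
};

// Zone this server is primary for: only the listed secondaries may transfer.
zone "example.com" {
    type master;
    file "example.com.db";
    allow-transfer { "secondaries"; };
};

// Zone this server secondaries off another primary: it pulls from the
// primary listed in "masters" and serves transfers to no one.
zone "example.net" {
    type slave;
    file "example.net.bak";
    masters { 203.0.113.1; };
    allow-transfer { none; };
};
```

With this in place the firewall only has to pass UDP and TCP port 53; a transfer request from a host outside the "secondaries" acl is refused by named itself.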