Based on suggestions here, I now have a named.conf file like this:
options { ... };
logging { ... };
zone "." IN { type forward; forwarders { PUB; }; forward only; };
zone "HOST1" { type forward; forwarders { PRIV; }; };
zone "HOST2" { type forward; forwarders { PRIV; }; };
# PUB
Greetings
My ISP has some private address space which has DNS resolution and can be
queried from the outside world.
I asked them about this because we use this private address space and it is
showing up in our DNS lookups. Here was their response:
>I've discussed this with our systems admi
On Mon, 9 Aug 2010, Shiva Raman wrote:
>
> I tried implementing dnssec using the following document
> http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/
That is rather out of date: it does not cover some important BIND-9.7
DNSSEC validation features, specifically RFC 5011 autom
Allow bind to use as wide a range of port numbers as possible for UDP
traffic.
>>
>> On 09.08.10 17:14, Shiva Raman wrote:
>>> Yes this is allowed in the firewall.
>>
>> note that bind also should not have "port" option in query-source statement.
On 09.08.10 14:08, Wolfgang Solfrank wrot
On Mon, 09 Aug 2010 14:08:26 +0200
Wolfgang Solfrank wrote:
> >>> Allow bind to use as wide a range of port numbers as possible for
> >>> UDP traffic.
> >
> > On 09.08.10 17:14, Shiva Raman wrote:
> >> Yes this is allowed in the firewall.
> >
> > note that bind also should not have "port" potio
Allow bind to use as wide a range of port numbers as possible for UDP
traffic.
On 09.08.10 17:14, Shiva Raman wrote:
Yes this is allowed in the firewall.
note that bind also should not have "port" option in query-source statement.
In addition, be careful with the use of NAT on your firewal
> >Allow bind to use as wide a range of port numbers as possible for UDP
> >traffic.
On 09.08.10 17:14, Shiva Raman wrote:
> Yes this is allowed in the firewall.
note that bind also should not have "port" option in query-source statement.
> > Make sure your firewalls don't do daft things like fo
Hi
Thanks for your valuable suggestions
>Run an up-to-date version of bind. Be fanatical about applying security
>patches promptly.
Yes, I am running the latest version, Bind-9.7.1-P2.
>Don't allow recursion /at all/ for queries from the general public to
>your authoritative servers, nor permit