In the following two Best Practices documents, it is recommended to
disable stateful firewalls for DNS traffic (outbound on recursive
servers, and inbound on authoritative servers). Can people share
their Linux iptables configurations for how they have accomplished
this?
https://deepthought.isc.o
On 01/03/2014 14:30, Chuck Anderson wrote:
How should these rules be changed to adhere to the Best Practices
while not breaking anything and still allowing the servers to do their
own DNS lookups? I know theoretically how I would do this, but I'm
looking for others' experiences.
There are pro
On Sat, Mar 01, 2014 at 03:35:25PM +, Phil Mayers wrote:
> The DNS-QUERY chain allows all traffic inbound to port 53 and
> fragments, and denies all other TCP/UDP. It permits all others,
> which is relatively open but you could lock this down to allowing
> ICMP etc. if you wanted.
>
> The DNS-
On Sat, Mar 01, 2014 at 03:35:25PM +, Phil Mayers wrote:
> On 01/03/2014 14:30, Chuck Anderson wrote:
>
> >How should these rules be changed to adhere to the Best Practices
> >while not breaking anything and still allowing the servers to do
> >their own DNS lookups? I know theoretically how