[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)

On Thu, Jun 07, 2001 at 08:48:54AM +0100, Robert Davies wrote:
[snip]
> Bind8 changed to query other servers, from a non-privileged
> port.  So you may well need either to invoke the 'use
> privileged port option' in /etc/named.conf, or (better) to
> allow outgoing packets with a destination port of 53.
> 
> The TCP/IP connection is used for things like zone transfers,
> so you may be better to restrict that to other known name
> servers.
[snip]

AFAIK, TCP is used to zone transfers and also other large
queries.  Not sure what "large" is defined as, though.  i.e. by
blocking TCP port 53, most things will work, but there's a
chance that some large queries will not work.

Maybe someone else can comment...

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
Reply to: