Re: checking security logs
On Tue, Jan 23, 2001 at 08:02:59PM -0600, Jordan Bettis wrote:
> yet another trying DNS (comming from another dns server, hrmm)
> Jan 23 03:43:00 marvin kernel: Packet log: input DENY eth1 PROTO=6 188.8.131.52:53 184.108.40.206:53 L=40 S=0x00 I=39426 F=0x0000 T=27 SYN (#10)
Is it not normal for nameservers to "talk" to each other?
Or are nameservers only supposed to "talk" to their listed forwarders?
What about [A-M].ROOT-SERVERS.NET?
I am currently allowing all otherwise reasonable tcp connections
with my nameserver (by IP) as the destination in and out at port 53.
Is that risky, or is that helping resolvers get my IP quicker?
Or both? Or neither?