Re: TCP domain connection
It's probably nothing to worry about. But if they're zone transfers,
you can prevent that (BIND 8.x syntax ...) with allow-transfer in your
named.conf. ie:
zone "domain.com" {
allow-transfer { 123.456.7.8; };
};
Also, if you're worried about BIND security, you might want to look into
running it under chroot. I believe SecurityFocus and linux.com have
good tutorials.
Steve
On Sat, Jun 03, 2000 at 11:30:46PM +0200, Igor Mozetic wrote:
>
> I'm observing TCP connections to port 53 (domain) to our
> (secondary) name server from unknown locations.
> ippl.log looks like:
>
> Jun 3 21:51:59 domain connection attempt from [x.x.x.x]
> (x.x.x.x:3302->y.y.y.y:53)
>
> As far as I understand, these are not DNS queries since they
> are UDP. Is this a break-in attemtp, should I ignore it, how
> to prevent it (TCP wrappers don't work here) ... ?
>
> -Igor Mozetic
>
>
--
Steve Zinck <sz@nerd.halifax.ns.ca>
http://nerd.halifax.ns.ca
Reply to: