
Re: iptables and domain services...




>>> "Noah L. Meyerhans" <frodo@morgul.net> 04/19 4:41 PM >>>
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh?  That is completely untrue.  If that was the case then any program
> > that wished to lookup hosts in the DNS would need to be run as root
> > (ordinary users don't have access to port 53, remember).
> 
> Perfectly true.  With DNS, the query goes to port 53; the response comes
> from port 53 on that same DNS server.

Yes, I was assuming that incoming DNS requests were the issue here, not
replies to outgoing requests.  It sounded to me like a DNS server was
being run on this machine (it was, after all, referred to as a server)
and that when UDP was blocked it was unable to respond to DNS requests.
I might have misinterpreted the original problem.


I am not running a DNS server on this machine yet, but I do have plans to put one on there.  This server is currently just a firewall right now.

Thank you again for your help, (I've been pulling my hair out on this issue for 3 days now.)

Janet Post
j.post@sparton.ca



-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/ 
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
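
The two directions discussed in this thread, as an added example that is not part of the original messages: a small Python model (not real netfilter) that parses the quoted rule and evaluates it against a DNS reply and an inbound DNS query. It assumes an INPUT chain whose default policy is DROP; the packets, the ports 40000 and 40001, and the second `--destination-port` rule for a future local DNS server are constructed for illustration.

```python
import shlex

SERVICES = {"domain": 53}  # /etc/services name used in the thread's rule

def parse_rule(line):
    """Parse the small subset of iptables syntax that appears in the thread."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": None, "sport": None, "dport": None, "target": None}
    opts = {"-A": "chain", "-p": "proto", "-j": "target",
            "--source-port": "sport", "--sport": "sport",
            "--destination-port": "dport", "--dport": "dport"}
    i = 1  # skip the leading "iptables"
    while i < len(tok):
        key = opts.get(tok[i])
        if key is None:
            raise ValueError(f"unsupported option: {tok[i]}")
        val = tok[i + 1]
        if key in ("sport", "dport"):
            val = SERVICES.get(val) or int(val)  # service name or numeric port
        elif key == "proto":
            val = val.lower()
        rule[key] = val
        i += 2
    return rule

def verdict(rules, pkt, policy="DROP"):
    """First matching INPUT rule wins; otherwise the (assumed) chain policy applies."""
    for r in rules:
        if r["chain"] != "INPUT":
            continue
        if all(r[k] is None or r[k] == pkt[k] for k in ("proto", "sport", "dport")):
            return r["target"]
    return policy

# Constructed packets arriving at the firewall host
reply = {"proto": "udp", "sport": 53, "dport": 40000}  # answer to a lookup this host sent
query = {"proto": "udp", "sport": 40001, "dport": 53}  # client asking a DNS server on this host

THREAD_RULE = parse_rule("iptables -A INPUT -p UDP --source-port domain -j ACCEPT")
SERVER_RULE = parse_rule("iptables -A INPUT -p udp --destination-port domain -j ACCEPT")

if __name__ == "__main__":
    print("reply, thread rule only:  ", verdict([THREAD_RULE], reply))
    print("query, thread rule only:  ", verdict([THREAD_RULE], query))
    print("query, with server rule:  ", verdict([THREAD_RULE, SERVER_RULE], query))
```

The quoted rule matches on the source port only, so it covers replies to lookups made from the firewall itself; queries addressed to a DNS server on the machine arrive with destination port 53 and need their own rule.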



