Re: iptables and domain services...
>>> "Noah L. Meyerhans" <frodo@morgul.net> 04/19 4:41 PM >>>
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh? That is completely untrue. If that was the case then any program
> > that wished to lookup hosts in the DNS would need to be run as root
> > (ordinary users don't have access to port 53, remember).
>
> Perfectly true. With DNS, the query goes to port 53; the response comes
> from port 53 on that same DNS server.
Yes, I was assuming that incoming DNS requests were the issue here, not
replies to outgoing requests. It sounded to me like a DNS server was
being run on this machine (it was, after all, referred to as a server)
and that when UDP was blocked it was unable to respond to DNS requests.
I might have misinterpreted the original problem.
I am not running a DNS server on this machine yet, but I do have plans to put one on there. This server is currently just a firewall right now.
Thank you again for your help. (I've been pulling my hair out on this issue for 3 days now.)
Janet Post
j.post@sparton.ca
--
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html