Mailinglist Archive: opensuse-security (423 mails)
| < Previous | Next > |
Re: [suse-security] dns zone x-fers on tcp 53
- From: Markus Gaugusch <markus@xxxxxxxxxxxxxxxx>
- Date: Wed, 28 Mar 2001 14:54:11 +0200 (CEST)
- Message-id: <Pine.LNX.4.33.0103281453550.18494-100000@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> What is the reason for installing pri dns server in a self owned DMZ and sec
> dns server at the isp?
Convenience - you can manipulate the zones easier.
> If the firewall ist not stateful this enables inet users to do dns
> probes on tcp 53 and other worse things.
why? you can block tcp port 53 for everyone except the ip of the secondary
NS.
bye
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
> dns server at the isp?
Convenience - you can manipulate the zones easier.
> If the firewall ist not stateful this enables inet users to do dns
> probes on tcp 53 and other worse things.
why? you can block tcp port 53 for everyone except the ip of the secondary
NS.
bye
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxxxxxxx X Against HTML Mail
/ \
| < Previous | Next > |