Mailinglist Archive: opensuse-security (359 mails)

RE: [suse-security] SuSE firewall2 configuration for zone transfer
  • From: "Knut Erik Hauslo" <KNUTH@xxxxxxxxxxxx>
  • Date: Tue, 22 Jul 2003 14:49:20 +0200
  • Message-id: <1C42D59BC8928742BD48EB8D4D3DA8227C66@xxxxxxxxxxxxxxx>
Hi there,

DNS requests from server to server normally use UDP 53 (source and
destination port). However, if problems occur or packet size is > 512
bytes, it will change to source port >=1024 TCP and destination port 53
TCP.

Cheers
Knut Erik



-----Original Message-----
From: M. Edwin [mailto:edwin@xxxxxxxxx]
Sent: Tuesday, July 22, 2003 1:36 PM
To: suse-security@xxxxxxxx
Subject: [suse-security] SuSE firewall2 configuration for zone transfer



Hi list,

I just set up a name server for our domain. I set allow-transfer in named.conf
to an external server outside our domain, for the secondary name server.

allow-query { any; };
allow-transfer { 202.158.40.1; };

When I check the log (/var/log/messages) there are several lines showing
that the zone transfer to that server on a high port is not allowed, like this
one:

Jul 22 13:25:25 mail /usr/sbin/named[28877]: client
::ffff:202.158.40.1#54516: zone transfer denied

I think it is because of the firewall, so I checked the firewall
configuration. But I think everything is OK (correct me if I'm wrong). I
put the lines

FW_SERVICES_EXT_UDP="53"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain"

Can anybody give me advice?

Kind Regards,
M. Edwin
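
Added example, not part of the original thread: a small triage script that compares the client address in each "zone transfer denied" line against the allow-transfer list from the post, and flags the case where the peer is listed but was logged in IPv4-mapped form (::ffff:a.b.c.d). The function names and the second sample log line are constructed for illustration; whether named treats the mapped and plain forms as equal depends on the BIND version and configuration, which the thread does not state.

```python
import ipaddress
import re

# Constructed input: the denial line quoted in the post (joined onto one line)
# plus one made-up line from an address that is not in the ACL.
SAMPLE_LOG = """\
Jul 22 13:25:25 mail /usr/sbin/named[28877]: client ::ffff:202.158.40.1#54516: zone transfer denied
Jul 22 13:27:02 mail /usr/sbin/named[28877]: client 192.0.2.77#40112: zone transfer denied
"""

# allow-transfer entries from the post's named.conf
ALLOW_TRANSFER = ["202.158.40.1"]

DENIED = re.compile(r"client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): zone transfer denied")


def unmap(addr):
    """Return the embedded IPv4 address for ::ffff:a.b.c.d, else addr itself."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(line, acl=ALLOW_TRANSFER):
    """Classify one log line; returns None if it is not a transfer denial."""
    m = DENIED.search(line)
    if m is None:
        return None
    logged = ipaddress.ip_address(m.group("addr"))
    nets = [ipaddress.ip_network(entry, strict=False) for entry in acl]
    literal = any(logged.version == n.version and logged in n for n in nets)
    plain = unmap(logged)
    unmapped = any(plain.version == n.version and plain in n for n in nets)
    if literal:
        verdict = "in-acl"        # denied although listed: check other config
    elif unmapped:
        verdict = "mapped-form"   # listed peer, but logged as ::ffff:a.b.c.d
    else:
        verdict = "not-in-acl"    # unlisted client asking for the zone
    return {"client": m.group("addr"), "ipv4": str(plain),
            "src_port": int(m.group("port")), "verdict": verdict}


def triage(log_text=SAMPLE_LOG):
    """Return one classification dict per denial line in the log text."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

A "not-in-acl" verdict is the ACL doing its job against an unlisted client; a "mapped-form" verdict points at address matching inside named rather than at the packet filter.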
