Re: Best way for one-way DNS traffic

From: Timothy S. Bowers (security@nol.co.za)
Date: 02/22/01


Date: Thu, 22 Feb 2001 21:23:26 +0200
To: "Geoffrey T. Falk" <gtf@cirp.org>
From: "Timothy S. Bowers" <security@nol.co.za>


>"Set up your DNS as a forwarder to your upstream provider's nameserver."

Let's say 196.25.1.1 was your upstream provider, would you configure it like
this:

        forwarders {
                196.25.1.1;
        };

...and I guess if you are hosting reverse IP lookup entries and other domain
names you can't do this, can you?

At 12:07 PM 2/22/01 -0700, Geoffrey T. Falk wrote:
>On 22 Feb, H. Wade Minter wrote:
> > My gateway box is running a name server for my home network. Internal
> > clients point to the gateway box for DNS service, and the gateway goes out
> > and resolves DNS queries.
> >
> > I've also got an ipfw firewall on the gateway. What I'd like to do is
> > make it so internal DNS works like it should, but nobody on the outside
> > should be able to connect to port 53.
>
>
>Set up your DNS as a forwarder to your upstream provider's nameserver.
>Block all inbound traffic on UDP port 53, except from your ISP's
>nameserver. Set up your local zone files also.
>
>This still leaves you open to DoS from someone forging your upstream
>provider's IP address. But by blocking source routed packets you can
>ensure that nobody else can query your nameserver.
>
>g.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
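
Added example, not part of the original thread: a dry-run script that prints (does not apply) ipfw rules and a named.conf options block for the forwarder setup discussed above. The interface name ed0, the rule numbers, the internal network 192.168.1.0/24 and the gateway address 192.168.1.1 are assumptions, and the TCP rule goes beyond the UDP-only advice in the thread.

```shell
#!/bin/sh
# Illustrative only: prints configuration for review, changes nothing.

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ip() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# dns_ipfw_rules <external-interface> <upstream-nameserver>
dns_ipfw_rules() {
    ext_if=$1
    upstream=$2
    valid_ip "$upstream" || { echo "bad upstream address: $upstream" >&2; return 1; }
    # 1000/1010: queries to, and replies from, the upstream forwarder only.
    # 1010 still matches packets that forge the upstream address (the DoS
    # caveat raised in the thread); 1020/1030 drop all other inbound DNS.
    cat <<EOF
ipfw add 1000 allow udp from any to ${upstream} 53 out via ${ext_if}
ipfw add 1010 allow udp from ${upstream} 53 to any in via ${ext_if}
ipfw add 1020 deny udp from any to any 53 in via ${ext_if}
ipfw add 1030 deny tcp from any to any 53 in via ${ext_if} setup
EOF
}

# named_options <upstream-nameserver> <internal-net> <internal-ip>
named_options() {
    valid_ip "$1" || { echo "bad upstream address: $1" >&2; return 1; }
    # "forward only" keeps named from falling back to its own recursion;
    # allow-query and listen-on keep it answering internal clients only.
    cat <<EOF
options {
        forwarders { $1; };
        forward only;
        allow-query { $2; 127.0.0.1; };
        listen-on { $3; 127.0.0.1; };
};
EOF
}

# Constructed sample values; 196.25.1.1 is the upstream address from the post.
dns_ipfw_rules ed0 196.25.1.1
named_options 196.25.1.1 192.168.1.0/24 192.168.1.1
```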


