RE: DNS ACL ?

From: Jason Muskat (Jason_at_TechDude.Ca)
Date: 11/13/05

  • Next message: ADT: "Re: Core Impact references" 
    To: "'John Hally'" <JHally@epnet.com>, <pen-test@securityfocus.com>
Date: Sun, 13 Nov 2005 14:11:22 -0500

    As long as less then a handful for RR are returned UDP is fine. ... Don't
    forget to allow the DNS servers outbound reply.

    Regards,
     
    Jason Muskat, GCUX, de VE3TSJ
    Jason@TechDude.Ca
    +1-416-414-9934 SMS
    PGP Key: 7B447CD9                Fingerprint: 29A2 63C5 F623 EE9D 2453  B840
    2818 5CA7 7B44 7CD9
    Linux Guru Since 2002               Without security there can be no
    privacy.

    -----Original Message-----
    From: John Hally [mailto:JHally@epnet.com]
    Sent: Friday, November 11, 2005 8:35 AM
    To: 'pen-test@securityfocus.com'
    Subject: DNS ACL ?

    Hello All,

     

    I need a sanity check regarding DNS ACLs. For external facing DNS servers
    you need to allow only udp/53 inbound, correct? I know tcp/53 is used for
    zone transfers and requests/replies greater than a certain size, but they
    shouldn't typically happen for general dns queries correct?

     

    Thanks in advance!

    ---------------------------------------------------------------------------- 

    --
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
  • Next message: ADT: "Re: Core Impact references"

    Relevant Pages

    • FW: DNS ACL ?
      ... Subject: DNS ACL? ... queries are sent to the DNS server IP address, ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping ...
      (Pen-Test)
    • Re: Problems with website access with a domain ending with .com
      ... one point they were hosting their own website. ... a way to route the dns to connect to the dynamic website or there is ... poining to GoDaddy's DNS servers. ... There are also cases where the www.mydomain.com record at GoDaddy is a CNAME ...
      (microsoft.public.windows.server.dns)
    • RE: DNS ACL ?
      ... 53/UDP is used for DNS Queries and 53/TCP is used for Zone ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: [OTish] Kinetics Website AWOL
      ... > Noticed this yesterday as DNS servers timed out their data (first Eclipse, ... website brings my P1000 laptop to it's knees with the scrolling images ... in Javascript and their website doesn't work at all with Javascript ...
      (uk.rec.cycling)
    • Re: DNS ACL ?
      ... Exchange use TCP 53 for DNS queries as well, ... For external facing DNS servers ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)