This is a discussion on DNS server behind a firewall within the Linux Security forums, part of the System Security and Security Related category.
Thanks a lot for the help and time spent on me!

I hope I understand the situation much better now :-) To be fair, this occurred to be a headache to have a windoops DNS server behind a Linux fw :-) I guess only Mr. Gates knows why a name server initiates udp connections to addresses like 192.168.253.1 and 192.168.19.1 ... Thanks once again to you and all other persons who replied!

Regards,
Mikhail
In article <pDlxd.51287$DC.3054@fed1read03>, Gregory W Zill wrote:
> Bruno Wolff III wrote:
>> In article <jaPvd.4833$Sq.2775@fed1read01>, Gregory W Zill wrote:
>>
>>> The client may use whatever port it has free to initiate a connection, but
>>> the RFC for DNS requires that it arrive on port 53. Therefore the rule
>>> is good as it stands 53 <-> 53.
>>
>> The above appears to be a contradiction, though perhaps I am misunderstanding
>> what 53 <-> 53 is supposed to mean. I assumed it meant the ports on both
>> sides of the connection are 53.
> No contradiction. A hardware firewall is in place between two network
> interfaces. The abbreviated rule or equation shown indicates that one
> (outside-facing) interface deals with the port on the left of the
> equation and the second (internal-facing) interface deals with the port
> on the right side of the equation. What port the client decides to
> initiate is not part of the equation, or the interfaces involved in
> setting up the firewall. This represents notation used by firewall admins.

OK, that makes sense.
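The exchange above turns on one point: a resolver picks whatever free source port it likes (modern resolvers deliberately randomize it, which is a defence against cache poisoning), and only the destination port of a query is fixed at 53. A rule that literally pins both ends to 53 therefore blocks normal resolution. The following Python model is an added illustration, not code from this thread or from any real firewall; it evaluates a few constructed flows against a stateful rule set, first with both ports pinned to 53 and then with only the destination port fixed. The addresses (192.168.1.10 for the internal DNS server, 203.0.113.53 for an upstream server) and the ephemeral ports are constructed sample values.

```python
"""Toy stateful packet filter used to show why a DNS rule must match the
destination port only. Added illustration; all addresses, ports and rule
names below are constructed and are not from the thread."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    src_port: Optional[int]   # None means "any source port"
    dst_port: Optional[int]   # None means "any destination port"
    action: str               # "accept" or "drop"


class StatefulFirewall:
    """Default-deny filter with a minimal connection-tracking table."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.conntrack = set()   # 5-tuples of accepted forward flows

    def evaluate(self, flow: Flow) -> str:
        # A packet travelling in the reverse direction of a tracked flow is
        # a reply to traffic we already allowed, so it passes without a rule.
        reverse = (flow.proto, flow.dst_ip, flow.dst_port, flow.src_ip, flow.src_port)
        if reverse in self.conntrack:
            return "accept-established"
        for rule in self.rules:
            if rule.proto != flow.proto:
                continue
            if rule.src_port is not None and rule.src_port != flow.src_port:
                continue
            if rule.dst_port is not None and rule.dst_port != flow.dst_port:
                continue
            if rule.action == "accept":
                self.conntrack.add((flow.proto, flow.src_ip, flow.src_port,
                                    flow.dst_ip, flow.dst_port))
            return rule.action
        return "drop"   # nothing matched: default deny


DNS_SERVER = "192.168.1.10"   # constructed: internal DNS server
UPSTREAM = "203.0.113.53"     # constructed: upstream name server


def pinned_rules() -> List[Rule]:
    """Rules read literally as '53 <-> 53': both ends must be port 53."""
    return [Rule("dns-udp-both-53", "udp", 53, 53, "accept"),
            Rule("dns-tcp-both-53", "tcp", 53, 53, "accept")]


def correct_rules() -> List[Rule]:
    """Rules that fix only the destination port, as DNS actually requires."""
    return [Rule("dns-udp", "udp", None, 53, "accept"),
            Rule("dns-tcp", "tcp", None, 53, "accept")]


def simulate(rules: List[Rule]) -> Dict[str, str]:
    """Run four constructed DNS flows through a firewall built from `rules`."""
    fw = StatefulFirewall(rules)
    flows = {
        # ordinary query from a randomized ephemeral port
        "query_ephemeral": Flow("udp", DNS_SERVER, 49327, UPSTREAM, 53),
        # the reply to that query (only valid if the query was tracked)
        "reply":           Flow("udp", UPSTREAM, 53, DNS_SERVER, 49327),
        # legacy behaviour: query sent from source port 53
        "legacy_query":    Flow("udp", DNS_SERVER, 53, UPSTREAM, 53),
        # TCP to port 53 (large responses, zone transfers) from an ephemeral port
        "tcp_query":       Flow("tcp", DNS_SERVER, 51002, UPSTREAM, 53),
    }
    return {name: fw.evaluate(flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for label, rules in (("pinned 53<->53", pinned_rules()), ("dst-port-only", correct_rules())):
        print(label, simulate(rules))
```

With the pinned rule set only the legacy source-port-53 query gets through; the randomized-port query, its reply and the TCP query are all dropped, which matches the symptom of a resolver that "cannot reach the outside" even though port 53 is supposedly open. With the destination-port-only rules every flow is accepted, and the reply is admitted by connection tracking rather than by a separate rule. On a stateless filter there is no tracking table, so the reply direction would additionally need an explicit rule allowing UDP from source port 53 to any port on the DNS server.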