Is this a safe ipfilter rule?

Luke luked at pobox.com
Mon Jul 12 23:54:57 PDT 2004


> If stateful UDP:53 is a problem because of the load you have, you might
> want to consider the following setup:
>
>        - Allow all packets to/from port 53 of your ISP's named (without
>          keeping state information in the firewall).
>        - Set up your ISP's named as a "forwarder".
>
> Giorgos

Thanks!

That's what I'm trying to do.  I've studied firewalls for a while, but I'm
still very new to running named.  The only reason I'm running named at all
is because the other machines on my LAN expect my gateway to handle DNS
for them.  My named isn't meant to be authoritative - just a caching
server.  The only change I've made to the default named.conf is to replace
the loopback address in the "forwarders { }" section with my ISP's DNS.
I've read about options for securing named with checksums, but I don't
understand it well enough yet to try it out.  I'm also not sure if this
configuration is the most efficient.  Am I really caching anything or
just always asking my ISP to handle DNS for me?

I've gotten off-topic and I really should rtfm on named now, since it 
sounds like that's my next biggest security problem.
Thanks again.
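The stateless UDP/53 arrangement Giorgos describes, written out as ipfilter rules, as an added example that is not part of either message; the interface name and addresses are placeholders, and the gateway is assumed to run a forward-only named.

```conf
# Added example ipfilter rules (not from the original thread). Assumes:
#   ext0        = the gateway's external interface (placeholder name)
#   192.0.2.53  = the ISP's resolver listed in named.conf "forwarders { }"
#   203.0.113.7 = this gateway's external address (placeholder)
# Risk being mitigated: a stateless "pass any UDP/53" lets any Internet host
# push packets at named; pinning both ends to the ISP's resolver narrows the
# hole to packets that spoof that one source address.

# Outbound queries: the forwarding cache only ever talks to the ISP resolver.
pass out quick on ext0 proto udp from 203.0.113.7 to 192.0.2.53 port = 53

# Inbound answers: source port 53 from the ISP resolver only, no state kept,
# so there is no state-table load at high query rates (the trade-off is that a
# spoofed answer claiming 192.0.2.53 is not filtered here; named's own query-ID
# and port checks are the remaining defence).
pass in  quick on ext0 proto udp from 192.0.2.53 port = 53 to 203.0.113.7

# Truncated answers retry over TCP; volume is low, so keeping state is cheap.
pass out quick on ext0 proto tcp from 203.0.113.7 to 192.0.2.53 port = 53 flags S keep state

# Everything else aimed at UDP/53 is dropped and logged, so stray "answers"
# from other sources show up in ipmon output instead of reaching named.
block in log quick on ext0 proto udp from any to any port = 53
```

Load the file with `ipf -Fa -f /etc/ipf.rules` and watch `ipmon` for hits on the final block rule to confirm nothing but the ISP resolver is reaching named.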



More information about the freebsd-questions mailing list