[Novalug] IPTables and DNS

Ed T. Toton III bones@necrobones.net
Wed Jan 17 15:32:34 EST 2007


Thus spake Nick Danger:

>
> So, given a rather large list of networks (35?) that I want to allow to 
> use it, how do I set up iptables to allow access? Just do allow for 
> tcp/udp on 53 for the blocks I like, then a drop for everything else?

Are they just resolvers or also auth servers? If they're authoritative for 
any zones, you'll want to restrict the recursion in the bind configs and 
not block it with iptables.

If not, you can certainly use a firewall as you described. TCP generally 
only gets used for zone transfers and slaving (and maybe some rare large 
lookups), so UDP is the important one. So yes, block those for all but 
your specific allowed IP ranges and you should be fine.


------------------------------------------------------------------
- Ed T. Toton III, RHCE --|-- www.necrobones.com -- ed.toton.org -
------------------------------------------------------------------
"Those who are smoked will usually wind up sliced."
                -- randomly generated by Non Sequitur, perl version
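The two options the reply describes, as an added example that is not part of the original thread: a script that turns a list of allowed networks into iptables rules for a resolver-only server (accept udp/tcp 53 from the listed blocks, drop the rest), and a BIND `acl` / `allow-recursion` fragment for the authoritative case where port 53 must stay open to the world. The networks, the chain name `DNS-IN` and the ACL name `trusted-resolvers` are constructed sample values; the functions print the rules rather than applying them, so the output can be reviewed before it is run.

```shell
#!/bin/sh
# Added example (not from the original post): build firewall rules and a BIND
# recursion ACL from one list of allowed networks.
# Constructed sample networks (RFC 5737 documentation ranges), one per line.
ALLOWED_NETS="192.0.2.0/24
198.51.100.0/24
203.0.113.0/24"

# Resolver-only case: emit iptables commands that accept DNS from the listed
# networks and drop every other packet aimed at port 53 (udp and tcp).
# The rules are printed, not executed; run the output with sh once reviewed.
gen_dns_rules() {
    nets="$1"
    # separate chain so the DNS policy can be flushed and rebuilt on its own
    printf 'iptables -N DNS-IN 2>/dev/null || true\n'
    printf 'iptables -F DNS-IN\n'
    for net in $nets; do
        for proto in udp tcp; do
            printf 'iptables -A DNS-IN -s %s -p %s --dport 53 -j ACCEPT\n' "$net" "$proto"
        done
    done
    # anything that reached the end of the chain is not from an allowed block
    printf 'iptables -A DNS-IN -p udp --dport 53 -j DROP\n'
    printf 'iptables -A DNS-IN -p tcp --dport 53 -j DROP\n'
    # hook the chain into INPUT for port-53 traffic only (insert these once)
    printf 'iptables -A INPUT -p udp --dport 53 -j DNS-IN\n'
    printf 'iptables -A INPUT -p tcp --dport 53 -j DNS-IN\n'
}

# Authoritative case: leave port 53 reachable and restrict recursion in
# named.conf instead. Emits an acl plus the options lines to merge into the
# existing options block; the acl name is an assumption.
gen_bind_recursion_acl() {
    nets="$1"
    printf 'acl "trusted-resolvers" {\n'
    for net in $nets; do
        printf '    %s;\n' "$net"
    done
    printf '};\n'
    printf 'options {\n'
    printf '    recursion yes;\n'
    printf '    allow-recursion { "trusted-resolvers"; };\n'
    printf '    allow-query-cache { "trusted-resolvers"; };\n'
    printf '};\n'
}

# Usage: print both artifacts for review.
gen_dns_rules "$ALLOWED_NETS"
gen_bind_recursion_acl "$ALLOWED_NETS"
```

The generated chain only decides about packets whose destination port is 53, so replies to the resolver's own upstream queries (which arrive on a high port) are unaffected; a normal `ESTABLISHED,RELATED` accept rule in INPUT still belongs before the jump. For the authoritative server the firewall rules are deliberately not generated: blocking port 53 there would also block legitimate queries for the zones it serves, which is why the reply points at the BIND configuration instead.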
