[Novalug] IPTables and DNS
Ed T. Toton III
bones@necrobones.net
Wed Jan 17 15:32:34 EST 2007
Thus spake Nick Danger:
>
> So, given a rather large list of networks (35?) that I want to allow to
> use it, how do I set up iptables to allow access? Just allow
> tcp/udp on 53 for the blocks I like, then a drop for everything else?
Are they just resolvers or also auth servers? If they're authoritative for
any zones, you'll want to restrict the recursion in the bind configs and
not block it with iptables.
If not, you can certainly use a firewall as you described. TCP generally
only gets used for zone transfers and slaving (and maybe some rare large
lookups), so UDP is the important one. So yes, block those for all but
your specific allowed IP ranges and you should be fine.
------------------------------------------------------------------
- Ed T. Toton III, RHCE --|-- www.necrobones.com -- ed.toton.org -
------------------------------------------------------------------
"Those who are smoked will usually wind up sliced."
-- randomly generated by Non Sequitur, perl version
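An added example, not part of the thread: a POSIX shell script that builds the iptables rules Ed describes (UDP and TCP 53 allowed only from a list of networks, everything else dropped) and, for the authoritative-server case, prints the equivalent BIND recursion restriction instead. The CIDRs, the chain name DNS_ALLOW and the acl name "trusted" are assumed; by default the commands are printed for review and only run with APPLY=1.

```shell
#!/bin/sh
# Allow DNS only from an allow-list of networks; drop the rest.
# Constructed sample allow-list, one CIDR per line (replace with your own).
ALLOWED_NETS="
10.0.0.0/8
192.168.1.0/24
203.0.113.0/24
"

# Print each iptables command, or execute it when APPLY=1 (needs root).
emit() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

# Build a dedicated chain for port 53 so it can be reloaded independently.
gen_dns_rules() {
    nets="$1"
    emit iptables -N DNS_ALLOW || true   # harmless if the chain exists
    emit iptables -F DNS_ALLOW
    for net in $nets; do
        # UDP carries normal lookups; TCP is needed for zone transfers
        # and the occasional large response, so allow both per network.
        emit iptables -A DNS_ALLOW -s "$net" -p udp --dport 53 -j ACCEPT
        emit iptables -A DNS_ALLOW -s "$net" -p tcp --dport 53 -j ACCEPT
    done
    # Everything else to port 53: log (rate-limited) then drop.
    emit iptables -A DNS_ALLOW -m limit --limit 5/min -j LOG --log-prefix "DNS-DENY: "
    emit iptables -A DNS_ALLOW -j DROP
    # Send only port-53 traffic from INPUT into the chain.
    emit iptables -I INPUT -p udp --dport 53 -j DNS_ALLOW
    emit iptables -I INPUT -p tcp --dport 53 -j DNS_ALLOW
}

# Authoritative server: restrict recursion in named.conf, not the firewall.
# Prints an acl plus the options stanza that limits recursion to it.
gen_named_recursion_acl() {
    nets="$1"
    echo "acl trusted {"
    for net in $nets; do echo "    $net;"; done
    echo "};"
    echo "options { allow-recursion { trusted; }; };"
}

# Number of ACCEPT rules a list produces (two per network: udp + tcp).
count_accepts() { gen_dns_rules "$1" | grep -c -- '-j ACCEPT'; }

gen_dns_rules "$ALLOWED_NETS"
gen_named_recursion_acl "$ALLOWED_NETS"
```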