On Thursday 29 January 2004 3:25 pm, David C. Hart wrote:

> I am terribly confused about what I need to accept and reject and the
> associated IPTables rules for Bind to work properly without exposing our
> server to exploits. Right now, I'm pretty much accepting all traffic to
> and from port 53 and that's "probably" not a good thing. I'm running
> IPtables on the same machine running Bind.
>
> Can someone point me in the right direction?

Allow traffic to TCP & UDP ports 53 on your DNS server, but secure it in /etc/named.conf using the info at http://www.isc.org under BIND - hint: stop people from doing zone transfers or domain updates.

Antony.

--
I want to build a machine that will be proud of me.

 - Danny Hillis, creator of The Connection Machine

Please reply to the list; please don't CC me.
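
Added example, not part of the original message: a named.conf fragment showing one way to apply the hint above, with zone transfers limited to named secondaries and dynamic updates refused. The zone name, file paths and addresses are placeholders, and the commented iptables lines assume rules appended to the INPUT chain.

```conf
// /etc/named.conf fragment (constructed example; zone name, paths and
// addresses are placeholders, not values from the original thread)
//
// Firewall side, as in the reply: port 53 stays open on both protocols, e.g.
//   iptables -A INPUT -p udp --dport 53 -j ACCEPT
//   iptables -A INPUT -p tcp --dport 53 -j ACCEPT
// The restrictions below are what keep that open port from leaking or
// accepting zone data.

// Hypothetical secondary name servers that are allowed to pull zone data.
acl "secondaries" {
    192.0.2.53;
    198.51.100.53;
};

options {
    directory "/var/named";

    // Default for every zone: refuse zone transfer requests from everyone.
    allow-transfer { none; };
};

zone "example.com" IN {
    type master;
    file "example.com.zone";

    // Override the global default only for the listed secondaries.
    allow-transfer { "secondaries"; };

    // Refuse dynamic updates to this zone from everyone.
    allow-update { none; };
};
```

Running `named-checkconf` against the file catches syntax errors before named is reloaded.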