pravin,

i know a way to do this but i need to know who it is that you are trying to block from doing mx resolution? mx queries to the dns system. this is a staple of bind. internal users need this from your internal servers. external clients need to have the mail handler resolved to point at the secure mail address. need more info on who you are filtering, the query type (mx) itself is needed.

~v/r,
piranha

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of pravin rane
Sent: Saturday, November 27, 2004 8:18 PM
To: Daniel Chemko; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: How to block only MX query made to DNS server

That is right but only when all clients are using my DNS server. I will not be able to block MX requests if they are using some other DNS servers which are outside of my network and I cannot force my clients to use only my DNS server.

Using iptables I can build a rule for certain ICMP TYPE packets. Is there any rule which can match DNS query TYPE?

regards
Pravin Rane.

--- Daniel Chemko <dchemko@xxxxxxxxxx> wrote:

> pravin rane wrote:
> > Hi all,
> >
> > I want to block DNS MX query made through my network.
> > What iptables rule I should use.
>
> You don't use iptables to do this. named has built in ACL's to determine who can perform what operations. Look at bind 'view's for more information on how to properly deal with name resolution issues.