
dns

SOLVED
Kevin Wright
Honored Contributor

dns

I have configured a primary server, using BIND 4.9 (I have to work with what they give me), and have the secondary with an ISP. They have pulled a copy of my data successfully. Do I need to do anything on my end to prevent any host from pulling a copy of my zone? I think this can be a security risk.
4 REPLIES
Fred Martin_1
Valued Contributor

Re: dns

I may be wrong but once the data is passed to your ISP it's available there, anyway.

However - your firewall should prevent anyone but your ISP from getting DNS information. Most firewalls allow filtering packets by port number, source address and destination address.

So outbound DNS packets (port 53) with your DNS server (source) and your ISP's DNS server (destination) would be allowed by the firewall, all other port 53 packets would be denied.

It's somewhat more complicated than that, but there's excellent info starting on p.278 of the O'Reilly book "Building Internet Firewalls" if you need it.
fmartin@applicatorssales.com
Kevin Wright
Honored Contributor

Re: dns

Unfortunately, this box is outside the firewall.
Rick Garland
Honored Contributor
Solution

Re: dns

You can add directives that will only allow certain IP addresses to access the data.
Kofi ARTHIABAH
Honored Contributor

Re: dns

Modify your /etc/named.boot file and add an entry for xfrnets with the IP address of your ISP's DNS server:

echo "xfrnets XX.XX.XX.XX" >> /etc/named.boot

then restart your name server:
/sbin/init.d/named stop ; /sbin/init.d/named start

Do a man on named
nothing wrong with me that a few lines of code cannot fix!
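The one-line echo above appends a new xfrnets line every time it is run. The script below is an added example, not code from the thread or from BIND, that merges secondaries into a single xfrnets line and lets you verify the result; it assumes the BIND 4.9 directive spelling xfrnets and takes the boot file path and addresses as arguments.

```shell
#!/bin/sh
# Added example: keep exactly one "xfrnets" line in a BIND 4.9 named.boot so
# only the listed secondaries (e.g. the ISP's server) may pull zone transfers.
# Assumption: the boot file uses the BIND 4.9 directive spelling "xfrnets".

# has_xfrnets FILE -> exit 0 if FILE already restricts zone transfers
has_xfrnets() {
    grep -q '^xfrnets[[:space:]]' "$1"
}

# xfrnets_hosts FILE -> print the addresses currently allowed, one per line
xfrnets_hosts() {
    sed -n 's/^xfrnets[[:space:]]*//p' "$1" | tr ' \t' '\n\n' | sed '/^$/d'
}

# add_xfrnets FILE ADDR... -> ensure each ADDR is on the single xfrnets line,
# without duplicating addresses or directives on repeated runs
add_xfrnets() {
    file=$1; shift
    [ -f "$file" ] || { echo "no boot file: $file" >&2; return 1; }
    cur=""
    if has_xfrnets "$file"; then
        cur=$(sed -n 's/^xfrnets[[:space:]]*//p' "$file" | head -n 1)
    fi
    for a in "$@"; do
        case " $cur " in
            *" $a "*) ;;                       # already listed, skip
            *) cur="${cur:+$cur }$a" ;;        # append to the allow list
        esac
    done
    tmp="$file.tmp.$$"
    # drop any old xfrnets lines, then append the merged one at the end
    grep -v '^xfrnets[[:space:]]' "$file" > "$tmp" || true
    echo "xfrnets $cur" >> "$tmp"
    mv "$tmp" "$file"
}
```

Restart named afterwards as described above; the directive is only read at startup.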