Darxus on Thu, 13 Apr 2000 22:17:36 -0400 (EDT)



Re: [PLUG] Caching nameserver HOWTO?


On Thu, 13 Apr 2000 mg@infinity.stf.org wrote:

> Seems you've already got the doc you need. The DNS HOWTO has a rather
> large section devoted to building a caching-only nameserver. Very good
> instructions, I've used it a couple of times myself to do just what you
> want. And yes, just add 'nameserver 127.0.0.1' to your resolv.conf and
> you're in business. Good luck.

And..

ipchains -F
ipchains -P input ACCEPT
ipchains -A input -p tcp --destination-port 53 -j DENY
ipchains -A input -p udp --destination-port 53 -j DENY

To be *sure* everybody stays out of your DNS (I once had somebody root me
through bind just to convince me to upgrade, so I'm weary of it).

Well, it'd be better to end w/ a "ipchains -P input DENY" & specify
everything you want open...

And I think there's also a way to deny external connections within bind...
but I'd trust ipchains more.
__________________________________________________________________
PGP fingerprint = 03 5B 9B A0 16 33 91 2F  A5 77 BC EE 43 71 98 D4
            darxus@op.net / http://www.op.net/~darxus
        There is no fine line between genius and insanity.


______________________________________________________________________
Philadelphia Linux Users Group       -       http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion   -   http://lists.nothinbut.net/mail/listinfo/plug
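
Added example, not part of the original message: a dry-run sketch of the default-deny variant suggested above ("ipchains -P input DENY" plus explicit openings) for a caching-only nameserver. The names FORWARDERS, IPCHAINS and dns_cache_rules are hypothetical, the forwarder addresses are constructed placeholders, and it assumes named forwards to those servers and queries from an unprivileged port.

```shell
#!/bin/sh
# Added example (not from the original message): default-deny input rules
# for a host whose named only serves the local resolver.
# Assumptions: named forwards to the servers in FORWARDERS (constructed
# addresses from the 192.0.2.0/24 documentation range) and sends its
# queries from an unprivileged source port.
FORWARDERS="${FORWARDERS:-192.0.2.1 192.0.2.2}"
# Dry run by default: commands are printed. Set IPCHAINS=ipchains to apply.
IPCHAINS="${IPCHAINS:-echo ipchains}"

dns_cache_rules() {
    $IPCHAINS -F input
    # ipchains passes loopback traffic through the input chain, so queries
    # from the local resolver to 127.0.0.1:53 need an explicit ACCEPT.
    $IPCHAINS -A input -i lo -j ACCEPT
    for ns in $FORWARDERS; do
        # ipchains is stateless, so replies are matched by source address
        # and port instead of by connection state.
        $IPCHAINS -A input -p udp -s "$ns" --source-port 53 \
            --destination-port 1024:65535 -j ACCEPT
        # TCP is used for large answers; "! -y" rejects inbound SYNs, so
        # only replies to connections named opened itself get through.
        $IPCHAINS -A input -p tcp ! -y -s "$ns" --source-port 53 \
            --destination-port 1024:65535 -j ACCEPT
    done
    # Other services (ssh, mail, ...) need their own ACCEPT rules here.
    # Set the policy last: anything unmatched, including outside queries
    # to port 53, is dropped.
    $IPCHAINS -P input DENY
}

dns_cache_rules
```

If named resolves from the root servers itself instead of using forwarders, FORWARDERS has to be 0/0, which accepts replies from any address.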