Re: Bind Configuration

Author: Michael Butash
Date:  
To: plug-discuss
Subject: Re: Bind Configuration
You'll want to allow tcp/53 if doing any sort of public dns - anything
greater than 1500 bytes (i.e. most domain-keys/spf records), and also any
anomaly mitigation gear (the things that keep 400gb DDoS at bay) use
that to figure out if you're real or not. Blocking tcp for dns is not a
good idea as a whole, it's just RFC-compliant behavior things expect.

-mb


On 12/07/2014 09:17 PM, der.hans wrote:
> BTW, also firewall TCP port 53 to only allow connections from your slaves
> unless you're certain you really want it open.
>
> ciao,
>
> der.hans


---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss