Re: Bind Configuration

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MJD Austin at <-
MMKeith Smith at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Keith Smith
Date:  
To: michael, Main PLUG discussion list
Subject: Re: Bind Configuration

I added NAT on my router to open up port 53. Is that what you are
referencing?


On 2014-12-07 23:28, Michael Butash wrote:
> You'll want to allow tcp/53 if doing any sort of public dns - anything
> greater than 1500 bytes (ie most domain-keys//spf records), and also
> any anomaly mitigation gear (the things that keep 400gb DDoS at bay)
> use that to figure our if you're real or not. Blocking tcp for dns is
> not a good idea as a whole, it's just RFC-compliant behavior things
> expect.
>
> -mb
>
>
> On 12/07/2014 09:17 PM, der.hans wrote:
>> BTW, also firewall TCP port 53 to only allow connections from your
>> slaves
>> unless you're certain you really want it open.
>>
>> ciao,
>>
>> der.hans
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Bind ConfigurationRe: Bind Configuration->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)