From: Symen Mulders (symenmlakechamplain.com)
Date: Thu Jun 28 2001 - 09:29:37 CDT
> Since the machine unique goal is to handle DNS traffic I configure the
> On TCP Field Permit Only TCP 53
> On UDP Field Permit Only UDP 53
> On IP Field Permit All
Does your DNS service need to allow zone transfers, i.e. to a secondary DNS
server? If not, you don't need to allow traffic on 53/tcp, as 53/udp is all
that is necessary for basic lookups.
Also, be aware that the Windows NT DNS service is really only designed to be
a backend to a domain controller, so if you need a full-fledged DNS server, I
recommend using DJBDNS (it is much more secure than BIND) on some sort of
Unix system (I would recommend OpenBSD, as it is also very secure). Check
out DJBDNS at http://cr.yp.to/djbdns.html.