From: Symen Mulders (symenmlakechamplain.com)
Date: Thu Jun 28 2001 - 09:29:37 CDT

    > Since the machine's unique goal is to handle DNS traffic, I configure the
    > following:
    >
    > On TCP Field Permit Only TCP 53
    > On UDP Field Permit Only UDP 53
    > On IP Field Permit All
    >

    Does your DNS service need to allow zone transfers, i.e. to a secondary DNS
    server? If not, you don't need to allow traffic on 53/tcp, as 53/udp is all
    that is necessary for basic lookups.

    Also, be aware that the Windows NT DNS service is really only designed to be
    a backend to a domain controller, so if you need a full-fledged DNS server, I
    recommend using DJBDNS (it is much more secure than BIND) on some sort of
    Unix system (I would recommend OpenBSD, as it is also very secure). Check
    out DJBDNS at http://cr.yp.to/djbdns.html.
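An added example, not part of the original post, for deciding whether 53/tcp can be closed as the reply suggests: it parses the question section of captured DNS queries and reports which peers use TCP/53 for zone transfers (AXFR/IXFR) versus ordinary lookups. The record format `(proto, src_ip, payload)` and the sample traffic are constructed here for illustration.

```python
import struct

AXFR, IXFR = 252, 251          # zone-transfer QTYPEs (RFC 1035, RFC 1995)
TYPE_NAMES = {1: "A", 28: "AAAA", 15: "MX", AXFR: "AXFR", IXFR: "IXFR"}

def build_query(name, qtype, tcp=False):
    """Build a minimal DNS query; TCP queries carry a 2-byte length prefix."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # ID, RD flag, QDCOUNT=1
    msg = header + qname + struct.pack("!HH", qtype, 1)            # QCLASS=IN
    return struct.pack("!H", len(msg)) + msg if tcp else msg

def parse_question(msg):
    """Return (qname, qtype) of the first question (questions never use name compression)."""
    if struct.unpack("!H", msg[4:6])[0] == 0:
        raise ValueError("no question section")
    off, labels = 12, []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    qtype = struct.unpack("!H", msg[off + 1:off + 3])[0]
    return ".".join(labels) + ".", qtype

def audit_tcp53(records):
    """Split TCP/53 queries into zone transfers and plain lookups, keyed by source IP.
    Plain lookups over TCP are normally retries of UDP answers that exceeded 512 bytes
    (TC bit set), so closing 53/tcp also affects those, not only zone transfers."""
    transfers, lookups = {}, {}
    for proto, src, payload in records:
        if proto != "tcp":
            continue
        length = struct.unpack("!H", payload[:2])[0]
        name, qtype = parse_question(payload[2:2 + length])
        bucket = transfers if qtype in (AXFR, IXFR) else lookups
        bucket.setdefault(src, []).append((name, TYPE_NAMES.get(qtype, str(qtype))))
    return transfers, lookups

def tcp53_needed(records):
    """True only if some peer actually performs zone transfers over TCP/53."""
    transfers, _ = audit_tcp53(records)
    return bool(transfers)

# Constructed sample traffic: a UDP lookup, an AXFR from a secondary, and a TCP A lookup.
SAMPLE = [
    ("udp", "10.0.0.5", build_query("www.example.com", 1)),
    ("tcp", "192.0.2.53", build_query("example.com", AXFR, tcp=True)),
    ("tcp", "10.0.0.7", build_query("www.example.com", 1, tcp=True)),
]

if __name__ == "__main__":
    transfers, lookups = audit_tcp53(SAMPLE)
    print("zone transfers over TCP/53:", transfers)   # only 192.0.2.53 needs a TCP/53 exception
    print("other TCP/53 lookups:", lookups)
```

If the transfer list is empty, the reply's advice applies and 53/tcp can be dropped; otherwise restrict it to the listed secondaries rather than permitting it from anywhere.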