Very Computer

Hello,

i run a Named on my Gateway for getting resolved my internal homedomain. All
Clients just take the Named for their DNS and the Named itself connect the two
DNS at the Provider.

The great Questions: When using Port 53 for the Bind this Port must be opened
bidi from the Outside. I just degrade this Port to the Provider-DNS to get a
little security.

I dont know what happens when Named runs as its default, this will use some
unknown upper >1024 Port. To which Port will the answers come back to my
machine from the outside?

--
This posting offers only my personal meanings
ByeBye
Eric

The source port will be 53 - the destination port will be > 1024

-Tom
--
Tom Eastep               \    Opinions expressed here

Shoreline, Washington USA  \    those of my employer

I accept UDP and TCP packets from my ISP's name servers, port 53, to my
interface, ports 1024-5999 and 6010-max.  Works for me.  My named sends
queries from unprivileged ports to port 53, the replies come back from
port 53 to the originating port and the above rule lets them in.

Oops, important detail:  I run named as a slave.  In the /etc/named.conf,

        options {
                directory "/var/named";
                forward only;
                forwarders {
                        xxx.xxx.xxx.xxx;        // ISP's nameserver
                        xxx.xxx.xxx.xxx;        // backup nameserver
                };
        };
        // rest of the named.conf unchanged because I'm lazy.

This means my named forwards all queries to my ISP, without ever bothering
other nameservers on the Internet.  That's why I don't need to accept
DNS replies from the net at large.  The replies are still cached locally.

--
--Pierre Asselin, Westminster, Colorado