Great Circle Associates Firewalls
(February 1994)


Subject: Re: DNS through a packet filter
From: alastair @ cadence . com (Alastair Young)
Date: Thu, 10 Feb 1994 10:36:13 -0800
To: firewalls @ GreatCircle . COM, smb @ research . att . com

At 1:39 AM 2/10/94 -0500, smb @ research . att . com wrote:
>The suggestion has been made that a way to handle DNS through the
>firewall should rely on the fact that DNS-DNS queries come from and
>go through port 53.  I've been told that that's no longer true with
>Solaris.  Does anyone have any experience with this?

DNS is port 53. Our Solaris systems have not noticed any problems, though
I'm not sure if we have any Solaris DNS servers yet, only clients.

We do not allow port 53 through. Port 53 access is restricted to is our
primary external DNS server: All internal DNS servers are
in "slave" mode with their "forwarders" set to the inside interface of Thus all DNS transactions with the Net are done by this
single machine.


Alastair Young                                     _               Ariel NH
Cadence Design Systems, Information Services     )/___     _     Red Hunter
555 River Oaks Parkway, 4B1                    __/(___)_*##/c 
San Jose CA 95134         Fax: (408)894-3487  / /\\|| \ /  \ Brakes'n'lites
alastair @ cadence . com  (408)428-5278       \__/ ----'\__/  novel eh?
These statements and opinions are mine, not those of Cadence Design Systems
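
Added example, not part of the message above: a Python comparison of the port-based rule raised in the quoted question with the host-based restriction the reply describes, run over constructed flow records. The addresses, EXTERNAL_DNS and all function names are assumptions for illustration; the post does not give its hostnames or filter syntax.

```python
from ipaddress import ip_address

# Hypothetical address standing in for the "primary external DNS server".
EXTERNAL_DNS = ip_address("192.0.2.53")

# Constructed flow records as a filter might see them: proto src sport dst dport
SAMPLE_FLOWS = """\
udp 192.0.2.53 53 198.51.100.7 53
udp 192.0.2.53 1047 198.51.100.7 53
udp 10.1.2.3 32771 198.51.100.7 53
udp 10.1.2.9 53 203.0.113.4 53
udp 198.51.100.7 53 192.0.2.53 1047
tcp 10.1.2.3 40000 203.0.113.80 80
"""

def parse(line):
    """Split one flow record into typed fields."""
    proto, src, sport, dst, dport = line.split()
    return proto, ip_address(src), int(sport), ip_address(dst), int(dport)

def port_rule(flow):
    """Rule from the quoted question: trust traffic that is 53 -> 53."""
    _, _, sport, _, dport = flow
    return sport == 53 and dport == 53

def host_rule(flow):
    """Rule from the reply: DNS passes only if the one designated server
    is an endpoint; the source port is not relied on."""
    _, src, sport, dst, dport = flow
    return 53 in (sport, dport) and EXTERNAL_DNS in (src, dst)

def compare(text):
    """Return (record, port_rule verdict, host_rule verdict) per DNS flow."""
    rows = []
    for line in text.splitlines():
        flow = parse(line)
        if 53 in (flow[2], flow[4]):  # skip non-DNS traffic
            rows.append((line, port_rule(flow), host_rule(flow)))
    return rows

if __name__ == "__main__":
    for record, by_port, by_host in compare(SAMPLE_FLOWS):
        print(f"{record:40} port-rule={by_port!s:5} host-rule={by_host}")
```

The second and fifth records show a query from an unprivileged source port and its reply, which the 53-to-53 rule drops even though they belong to the designated server; the fourth shows an internal server talking directly to the outside, which the 53-to-53 rule passes and the host rule does not.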
