Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Blocking DNS xfers across firewall
From: Todd Graham Lewis <lists @ reflections . mindspring . com>
Date: Wed, 20 Nov 1996 21:47:16 -0500 (EST)
To: Mark Mitchiner <mitch @ qualcomm . com>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <v0213050caeb936a840e3 @ [129 . 46 . 92 . 54]>

On Wed, 20 Nov 1996, Mark Mitchiner wrote:

> Hi,
> i'm using access-lists packet filtering on cisco routers (no flaming please)
> and i'm trying to block DNS xfers from machines outside our domain.
> Yes, i could use the xfrnets directive, but then i'd have to find
> all the rogue secondaries in my company.  

Yep, you would.

> From what i know,
> i can block tcp port 53, but this would also block queries
> (responses actually) > 512 bytes. 

Yep, it would.

> Any thoughts on this?

Use xfernets.

__
Todd Graham Lewis             Linux!                 Core Engineering
Mindspring Enterprises  tlewis @ mindspring . com   (800) 719 4664, x2804
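
The thread turns on the fact that a port filter sees only "TCP port 53", while a zone transfer and an ordinary query retried over TCP differ in the question's QTYPE field, which only the name server (or an application-level check) reads. The following is an added example, not part of the original post or any poster's code: it parses the question of a DNS-over-TCP message and refuses AXFR unless the source is in an allowed network list, the kind of decision a source-network transfer restriction makes. The function names, `TRANSFER_NETS`, and the addresses are assumptions constructed for the illustration.

```python
import ipaddress
import struct

QTYPE_A, QTYPE_AXFR = 1, 252  # RFC 1035 query types

def build_tcp_query(name, qtype):
    """Build a DNS query as sent over TCP: 2-byte length prefix + message."""
    header = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0)  # ID, flags, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!2H", qtype, 1)  # QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def question_type(segment):
    """Return (qname, qtype) of the first question in a TCP DNS message."""
    if len(segment) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", segment[:2])
    msg = segment[2:2 + length]
    if len(msg) != length or length < 12:
        raise ValueError("truncated DNS message")
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return ".".join(labels) + ".", struct.unpack("!H", msg[pos:pos + 2])[0]

def permit(segment, src_ip, transfer_nets):
    """Allow every TCP query except AXFR from outside transfer_nets."""
    _, qtype = question_type(segment)
    if qtype != QTYPE_AXFR:
        return True  # e.g. a query retried over TCP after a truncated UDP reply
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in transfer_nets)

# Constructed sample data (documentation address ranges, not from the post).
TRANSFER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
```
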


