On Wed, 20 Nov 1996, Mark Mitchiner wrote:
> i'm using access-lists packet filtering on cisco routers (no flaming please)
> and i'm trying to block DNS xfers from machines outside our domain.
> Yes, i could use the xfrnets directive, but then i'd have to find
> all the rogue secondaries in my company.
Yep, you would.
> From what i know,
> i can block tcp port 53, but this would also block queries
> (responses actually) > 512 bytes.
Yep, it would.
> Any thoughts on this?
Todd Graham Lewis Linux! Core Engineering
Mindspring Enterprises tlewis @
com (800) 719 4664, x2804