Great Circle Associates Firewalls
(December 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Denying DNS services
From: mark . kern @ merisel . com (Mark Kern)
Date: Tue, 12 Dec 1995 06:44:52 -0800
To: firewalls @ greatcircle . com, "Jan (Monk) Vandenbos" <jan @ cypronet . com> 
Received: from relay7.UU.NET by inet.merisel.com with SMTP
  (IMA Internet Exchange 1.04b) id 0cd71a51; Tue, 12 Dec 95 04:12:22 -0800
Received: from miles.greatcircle.com by relay7.UU.NET with ESMTP 
	id QQztud11506; Tue, 12 Dec 1995 06:50:49 -0500 (EST)
Received: (majordom @
 localhost) by miles.greatcircle.com (8.7.1/Miles-950430-1) id
 DAA12013 for firewalls-outgoing; Tue, 12 Dec 1995 03:19:15 -0800 (PST)
Received: from neon.cypronet.com (neon.cypronet.com [205.233.90.2]) by miles.grea
tcircle.com (8.7.1/Miles-950430-1) with SMTP id DAA12008 for <firewalls @
 greatcirc
le.com>; Tue, 12 Dec 1995 03:19:12 -0800 (PST)
Received: from helium.cypronet.com (helium.cypronet.com [205.233.90.5]) by neon.c
ypronet.com (8.6.12/8.6.9) with SMTP id FAA07556 for <firewalls @
 greatcircle .
 com>;
 Tue, 12 Dec 1995 05:17:15 -0700
Date: Tue, 12 Dec 1995 05:17:15 -0700
Message-Id: <199512121217 .
 FAA07556 @
 neon .
 cypronet .
 com>
X-Sender: jan @
 mail .
 cypronet .
 com
X-Mailer: Windows Eudora Light Version 1.5.2
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: firewalls @
 greatcircle .
 com
From: "Jan (Monk) Vandenbos" <jan @
 cypronet .
 com>
Subject: Denying DNS services
Sender: firewalls-owner @
 GreatCircle .
 COM
Precedence: bulk

     Yes, you can use many methods.  I assume that you DNS host is inside 
     some sort of bastion host or firewall.  If so, you just deny access to 
     your DNS from that subnet.  
     
     If your DNS is not inside, or is not protected, you can go to the 
     router and build an access control list on the router to keep subnets 
     out.  
     
     Outside DNS entries should not be a problem being accessed from the 
     outside.  If you have DNS entries about your network and it is 
     accessible from the outside, and you don't want everyone to be able to 
     see information about your internal network, put your DNS behind a 
     bastion host or firewall, and have two DNS hosts, one internal, one 
     external.


______________________________ Reply Separator _________________________________
Subject: Denying DNS services
Author:  "Jan (Monk) Vandenbos" <jan @
 cypronet .
 com> at internet-mail
Date:    12/12/95 5:17 AM


HI...
     
I'm sorry if this is the wrong place to ask this question.
     
Does anyone know how I can refuse access to my nameservers 
to certain sites?
     
Ie:  if my nameserver is foo.bar.com (named) (dns)
     
can I reject
     
x.x.x.x from access it, or using it to resolve?
     
Thanks.
     
...Jan
Indexed By Date Previous: Re: TIS user list
From: Frederick M Avolio <avolio @ trusted . com>
Next: Re: modems and accessing the internal network
From: Michel Dansereau <mdansereau @ cid . aes . doe . CA>
Indexed By Thread Previous: Re: Denying DNS services
From: newton @ communica . com . au (Mark Newton)
Next: Re: Denying DNS services
From: Brian Murrell <murrell @ bctel . net>
Google
 
Search Internet Search www.greatcircle.com