[FW-1] FW1: DNS Query Question
Hi,

I dropped this question yesterday, but without any success.

I've a question regarding DNS query:

I've enabled dns_verification and see domain-udp drops in the firewall log from internal and external servers. It's rule 0 which is dropping the packets.

The external servers are doing the query to our external DNS servers. Our internal servers to external servers, like: i.root-servers.net.

We're hosting web-sites for customers and registering domains for customers as well.

Can somebody explain why it's needed to accept, what domain-udp is doing, and for whom it should be allowed?

Implied rules:
- Accept VPN1 & Firewall-1 Control Connections --> First
- Accept RIP --> First
- Accept Domain Name Over UDP (Queries) --> First
- Accept Domain Name over TCP (Zone Transfer) --> First
- Accept ICMP --> Before Last
- Accept Outgoing Packets Originating From Gateway --> Last

Thanks in advance,
Darrel Louis