Actually, I've got chrooted 'named' running fine and have had for over 3 years. We have just changed our network topology (only a single static IP address now) and moved our firewall/web/mail to e-smith 4.1.2 to consolidate them under the single IP address.
Since the e-smith 'named' is configured to only support the inside network, I want to take our previously existing DNS server and park it behind the e-smith server.
I've followed the settings described in the 'ipmasqadm portfw' instructions and set things up to pass port 53 on both tcp and udp protocols, but the dns requests are not being forwarded.
Here are my ipmasqadm lines again:
ipmasqadm portfw -p tcp -L $OUTSIDE_IP 53 -R $INSIDE_IP 53
ipmasqadm portfw -p udp -L $OUTSIDE_IP 53 -R $INSIDE_IP 53
Is there another port that I'm missing?
Tim Jones
tjones1@home.com

Mike Sensney wrote:
>
> John wrote:
> >
> > I have the same problem... Why is this disabled by default?
> > any info would help
>
> Bind is easy to hack. DNS security is not an easy subject. If
> you are not serious about security, you have a couple of good
> options.
>
> 1) Use http.www.zoneedit.com to host your DNS records.
> Secure. Easy web based admin. First 5 domains are free. I
> highly recommend them.
>
> 2) Set up an external DNS server outside your LAN. Expect it
> to be hacked. If it is, no harm done to your LAN.
>
> If you _really_ want to have your DNS server behind your
> firewall, you had better start with "DNS and Bind" then
> follow through with the Bind security lists. Even then you
> had better expect your server will still get hacked and that
> you will have an intruder inside your firewall. Good luck.