[suse-security] SuSE firewall2 configuration for zone transfer

["M. Edwin" <edwin@xxxxxxxxx>]

Hi list,

I just setup name server for our domain. I allow-transfer on named.conf
to external server outside our domain for secondary name server.

	allow-query { any; };
      allow-transfer { 202.158.40.1; };

When I check on the log (/var/log/messages) there are several lines show
that the zone transfer to that server on highport is not allow like this
one:

Jul 22 13:25:25 mail /usr/sbin/named[28877]: client
::ffff:202.158.40.1#54516: zone transfer denied

I think it is because the firewall, so I check the firewall
configuration. But I think everything is Ok (correct me if I'm wrong). I
put the lines

FW_SERVICES_EXT_UDP="53"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain"

Anybody can give me advice?

Kind Regards,
M. Edwin



-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here