Re: [opensuse-security] A curious firewall message I don't understand.

The Friday 2008-01-18 at 01:22 +0100, agr.suzdal wrote:

- u say: Then the funny thing is why is the firewall blocking that "answer" :-?

- me: no, the router is not blocking the answer, it returns an answer for your query [SRC= DST= LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ], saying "i can't talk to DNS SERVER" not reach (

I'll have to digest the rest of your answer O:-)

- u say: Perhaps I should open the firewall to port 53, which currently is not, as I don't serve dns queries

- me: one question - why did you install the bind pack? why do u need it?
It is only needed when you want a dns server, but that isn't a common use for a normal/common user; in most cases, you don't need it to navigate through the Internet. A dns server's ip in resolv.conf is enough for that purpose, and only bind-utils-9.3.2-56.3 - (Utilities to query and test DNS) and bind-libs-9.3.2-56.3 - (Shared libraries of BIND) are needed.

Well... I first set up bind as a cache server, which by default is what the suse bind rpm does. When you have a modem, a dns cache server makes sense, because it speeds up queries. When I upgraded to adsl I kept it. In fact, the router, which is an embedded little box supplied by my isp, running linux 2.4, also contains a dns server configured as cache.

Then I also configured my bind to answer local queries for a "faked" local
domain: this time for learning how to do it.

I know, I know: it is not necessary. But it works.

u only need to open the 53 port when you want to serve dns to each other (lan,wan,internet, etc...).

Right, which is why I keep it closed, unless I'm running tests.

The rest of your message I'll study tomorrow :-)

       Carlos E. R.

