[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [opensuse-security] A curious firewall message I don't understand.
-----BEGIN PGP SIGNED MESSAGE-----
The Friday 2008-01-18 at 01:22 +0100, agr.suzdal wrote:
- u say: Then the funny thing is why is the firewall blocking that "answer"
- me: no, the router is not blocking the answer, it return an answer for your
querry [SRC=192.168.1.12 DST=220.127.116.11 LEN=62 TOS=0x00 PREC=0x00 TTL=64
ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ], saying "i can't talk to DNS
SERVER" not reach (18.104.22.168)
I'll have to digest the rest of your answer O:-)
- u say: Perhaps I should open the firewall to port 53, which currently is
not, as I don't serve dns queries
- me: one question - why you installed the bind pack? why u need it?
only is needed when you want a dns server, but isn't a common uses for a
normal/common user, however in most cases, you don't need it for navigate
With a dns server's ip on resolv.conf is enough for that purpose and only is
needed bind-utils-9.3.2-56.3 - (Utilities to query and test DNS) and
bind-libs-9.3.2-56.3 - (Shared libraries of BIND).
Well... I first set up bind as a cache server, which by default is what
the suse bind rpm does. When you have a modem, a dns cache server makes
sense, because it speeds up queries. When I upgraded to adsl I kept it. In
fact, the router, which is an embedded little box suplied by my isp,
running linux 2.4, also contains a dns server configured as cache.
Then I also configured my bind to answer local queries for a "faked" local
domain: this time for learning how to do it.
I know, I know: it is not necesary. But it works.
u only need to open de 53 port when you want to serve dns to each other
Right, which is why I keep it clossed, unless I'm running tests.
The rest of your message I'll study tomorrow :-)
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx