Firewall Wizards mailing list archives
RE: Does blocking TCP DNS packets keep your Bind safe?
From: Todd <todd () unm edu>
Date: Sun, 11 Mar 2001 19:37:06 -0700 (MST)
ben, all, i have to agree with this sentiment. because of the well-known "inbound traffic problem" that i believe marcus identified and certainly has described most adequately, it is necessary to allow some traffic in through a firewall, if we want to offer any network-based services. that traffic should be directed to a secure service running on a well-administered machine. dns is certainly one of the services we want to offer. since the ISC have proven that they are incapable of secure coding, we should look at alternatives. thankfully, there is one: djbdns from dan bernstein is secure, extremely fast, and easy to set up and administer. i'd encourage anyone who cares about security and understands the inbound traffic problem to seriously consider it. todd On Mon, 12 Mar 2001, Ben Nagy wrote:
Date: Mon, 12 Mar 2001 09:27:08 +1030 From: Ben Nagy <ben.nagy () marconi com au> To: firewall-wizards () nfr net Subject: RE: [fw-wiz] Does blocking TCP DNS packets keep your Bind safe? So, in summary: Why not avoid seeing how much we can screw with stuff before it breaks and just work on not having BIND suck? We need TCP responses. If your DNS server can't handle them securely, get a NEW one. Personally, not using BIND is my solution at the moment. (Maybe the IETF's DNSSec stuff will make it aaaaaaalllll better?) Cheers, -- Ben Nagy Network Security Specialist Marconi Services Australia Pty Ltd Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Does blocking TCP DNS packets keep your Bind safe?, (continued)
- Re: Does blocking TCP DNS packets keep your Bind safe? M. Dodge Mumford (Mar 10)
- Re: Does blocking TCP DNS packets keep your Bind safe? David Lang (Mar 10)
- Does blocking TCP DNS packets keep your Bind safe? Don Kendrick (Mar 09)
- Re: Does blocking TCP DNS packets keep your Bind safe? John Adams (Mar 10)
- Re: Does blocking TCP DNS packets keep your Bind safe? Crist Clark (Mar 10)
- Re: Does blocking TCP DNS packets keep your Bind safe? Jeff Sedayao (Mar 10)
- Re: Does blocking TCP DNS packets keep your Bind safe? Andrew Huffer (Mar 10)
- Re: Does blocking TCP DNS packets keep your Bind safe? Bill_Royds (Mar 10)
- RE: Does blocking TCP DNS packets keep your Bind safe? Ben Nagy (Mar 11)
- Re: Does blocking TCP DNS packets keep your Bind safe? Luca Berra (Mar 13)
- RE: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 13)
- Re: Does blocking TCP DNS packets keep your Bind safe? Darren Reed (Mar 14)
- Re: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 14)
- Re: Does blocking TCP DNS packets keep your Bind safe? Darren Reed (Mar 14)
- RE: Does blocking TCP DNS packets keep your Bind safe? Todd (Mar 16)