Penetration Testing mailing list archives
RE: DNS ACL ?
From: "Jason Muskat" <Jason () TechDude Ca>
Date: Sun, 13 Nov 2005 14:11:22 -0500
As long as less then a handful for RR are returned UDP is fine. ... Don't forget to allow the DNS servers outbound reply. Regards, Jason Muskat, GCUX, de VE3TSJ Jason () TechDude Ca +1-416-414-9934 SMS PGP Key: 7B447CD9 Fingerprint: 29A2 63C5 F623 EE9D 2453 B840 2818 5CA7 7B44 7CD9 Linux Guru Since 2002 Without security there can be no privacy. -----Original Message----- From: John Hally [mailto:JHally () epnet com] Sent: Friday, November 11, 2005 8:35 AM To: 'pen-test () securityfocus com' Subject: DNS ACL ? Hello All, I need a sanity check regarding DNS ACLs. For external facing DNS servers you need to allow only udp/53 inbound, correct? I know tcp/53 is used for zone transfers and requests/replies greater than a certain size, but they shouldn't typically happen for general dns queries correct? Thanks in advance! ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- DNS ACL ? John Hally (Nov 11)
- Re: DNS ACL ? Stephen J. Smoogen (Nov 13)
- RE: DNS ACL ? Jason Muskat (Nov 13)
- RE: DNS ACL ? Giancarlo Paolillo (Nov 13)
- Re: DNS ACL ? Thor (Hammer of God) (Nov 13)
- Re: DNS ACL ? Richard C Lewis (Nov 13)
- Re: DNS ACL ? Chris Brenton (Nov 13)
- Re: DNS ACL ? Lynx (Nov 13)
- Re: DNS ACL ? Justin Ferguson (Nov 14)
- <Possible follow-ups>
- Re: DNS ACL ? John Nemeth (Nov 13)
- RE: DNS ACL ? Maher Odeh (Nov 13)
- FW: DNS ACL ? Dario Ciccarone (dciccaro) (Nov 21)
- RE: DNS ACL ? Kyle Quest (Nov 22)
(Thread continues...)