Re: Actual BIND error - Patching OpenBSD 4.3 named ?

To: <misc@...>
Date: Wednesday, July 9, 2008 - 8:10 am

On 2008-07-09, Steve Tornio wrote:

named is. the stub resolver isn't.

mcbride@ pointed out that you can give named some more protection
by natting outbound udp traffic destined for port 53 (even just on
the box running the resolver, it doesn't have to be on a firewall
in front). something like,

nat on egress proto udp from (self) to any port 53 -> (self)

there - if you need to tell people you're doing something
while you wait for a better solution, you have an option.
check this with tcpdump and requests from multiple NS; the
doxpara.com checker will not notice this as an improvement.
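
One way to do the tcpdump check mentioned above, as an added example that is not part of the original message: it reads `tcpdump -n` text output for outbound queries to port 53 and reports whether the resolver's source ports stay fixed, step sequentially, or vary across name servers. The capture lines and addresses are constructed samples, and `assess` is a hypothetical helper name.

```python
import re
import sys
from collections import Counter

# "IP src.sport > dst.53:" as printed by `tcpdump -n` (IPv4 or IPv6).
QUERY = re.compile(r"\bIP6? (\S+)\.(\d+) > (\S+)\.53: ")

# Constructed sample captures (documentation addresses), not real traffic.
BEFORE_NAT = """\
08:10:01.100 IP 192.0.2.10.32771 > 198.51.100.1.53: 4011 [1au] A? example.com. (40)
08:10:01.350 IP 192.0.2.10.32771 > 203.0.113.7.53: 9120 [1au] A? example.net. (40)
08:10:02.020 IP 192.0.2.10.32771 > 198.51.100.9.53: 1733 [1au] MX? example.org. (40)
""".splitlines()
AFTER_NAT = """\
08:20:01.100 IP 192.0.2.10.61822 > 198.51.100.1.53: 4011 [1au] A? example.com. (40)
08:20:01.350 IP 192.0.2.10.50417 > 203.0.113.7.53: 9120 [1au] A? example.net. (40)
08:20:02.020 IP 192.0.2.10.57903 > 198.51.100.9.53: 1733 [1au] MX? example.org. (40)
""".splitlines()

def assess(lines):
    """Summarise source-port behaviour of outbound DNS queries in tcpdump text."""
    queries = [(int(m.group(2)), m.group(3))
               for m in map(QUERY.search, lines) if m]
    ports = [p for p, _ in queries]
    result = {"queries": len(ports),
              "servers": len({dst for _, dst in queries}),
              "distinct_ports": len(set(ports))}
    if len(ports) < 2:
        result["verdict"] = "insufficient data"
        return result
    # Most common difference between consecutive source ports.
    step, count = Counter(b - a for a, b in zip(ports, ports[1:])).most_common(1)[0]
    if result["distinct_ports"] == 1:
        result["verdict"] = "fixed source port"
    elif abs(step) == 1 and count > (len(ports) - 1) / 2:
        result["verdict"] = "sequential source ports"
    else:
        result["verdict"] = "varying source ports"
    return result

if __name__ == "__main__":
    # With piped input, analyse it; otherwise show the constructed samples.
    if not sys.stdin.isatty():
        print(assess(sys.stdin))
    else:
        print("before:", assess(BEFORE_NAT))
        print("after: ", assess(AFTER_NAT))
```

A "varying" verdict on a handful of queries only shows the ports are not fixed or stepping by one; it takes a much larger capture to say anything about how unpredictable they are.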


Messages in current thread:
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Stuart Henderson, (Wed Jul 9, 8:10 am)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, David Krause, (Thu Jul 10, 12:58 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Ted Unangst, (Wed Jul 9, 1:19 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Steve Tornio, (Wed Jul 9, 1:44 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, Ted Unangst, (Wed Jul 9, 2:09 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, openbsd misc, (Wed Jul 9, 3:49 pm)
Re: Actual BIND error - Patching OpenBSD 4.3 named ?, mark reardon, (Wed Jul 9, 8:26 am)