Re: TCP/IP Filter Break Local DNS
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Wed, 30 Mar 2005 19:42:22 -0600
"John" <nospam@xxxxxxxxxx> wrote in message
news:eI#sPuUNFHA.4092@xxxxxxxxxxxxxxxxxxxxxxx
> I have a Win2k server, all patches up to date. I want to use TCP/IP
> filtering to increase the security of this server. DNS service is installed
> locally and is only to be utilized for the server itself to resolve domains.
> Essentially it's a caching resolver DNS with no forward domains.
Ok, but that is unnecessary in Win2000 since the DNS
client itself provides its own caching (even in the server
product).
You are actually arranging to cache twice, which is likely
slower (than caching once).
> All functions correctly until I enable UDP filtering within TCP/IP
> Filtering. As soon as this is enabled the server can no longer query the DNS
> server that is installed directly on it. I allowed port 53 for UDP and TCP
> with no effect.
Where did you "enable filtering"? What product or interface?
If you enabled 53 UDP & TCP correctly then it would not
interfere with DNS queries.
> Any ideas? I would rather not keep all UDP ports open.
You don't need to do that, but we must know more about
HOW you created this filter.
IPSec? RRAS? NIC filters (ugh!)? Third party firewall?