IPTABLES and DNS
Doug Holtz, May 14, 2007, 4:01 pm
I have a home server running CentOS 4.4, DHCP, DNS, SMB, and a genealogy
When I turn on the firewall my DNS seems to go away. My PCs (Windows and
Ubuntu) can't get the addresses and time out.
I figured that DNS would not be bothered by the firewall, but I have proved
I used lokkit to open port 53 but that didn't solve the problem.
What do I need to do for my PCs to get DNS from this server with the
Re: IPTABLES and DNS
On 15 May 2007, in the Usenet newsgroup comp.os.linux.security, in article
1035 Domain names - implementation and specification. P.V.
Mockapetris. November 1987. (Format: TXT=125626 bytes) (Obsoletes
RFC0973, RFC0882, RFC0883) (Updated by RFC1101, RFC1183, RFC1348,
RFC1876, RFC1982, RFC1995, RFC1996, RFC2065, RFC2136, RFC2181,
RFC2137, RFC2308, RFC2535, RFC2845, RFC3425, RFC3658, RFC4033,
RFC4034, RFC4035, RFC4343, RFC2137, RFC2845, RFC3425, RFC3658,
RFC4035, RFC4033) (Also STD0013) (Status: STANDARD)
DNS responses using UDP are limited in size to 512 octets (see paragraph
2.3.4. "Size limits"). With some responses, there may be more data than
will fit in 512 octets. In that case, the DNS server sets the "TC" or
"TrunCation" flag, which specifies that this message was truncated due
to length greater than that permitted on the transmission channel.
Your resolver _MAY_ re-send the DNS query using TCP which has a far
larger length restriction. Thus, both TCP _and_ UDP should be allowed
through the firewall.
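The UDP size limit, TC flag and TCP retry described in the reply, shown as an added Python example (not code from the thread): it builds a query, checks a response header for the TrunCation bit, and frames the retry the way DNS over TCP requires. The two sample responses are constructed inline; nothing is sent on the network.

```python
import struct

DNS_UDP_MAX = 512   # RFC 1035 section 2.3.4: maximum UDP message size
FLAG_QR = 0x8000    # response bit
FLAG_TC = 0x0200    # TrunCation bit in the 16-bit flags field
FLAG_RD = 0x0100    # recursion desired
FLAG_RA = 0x0080    # recursion available

def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Minimal query (default qtype 1 = A, class 1 = IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a two-octet length (RFC 1035 4.2.2).
    This is the framing the resolver uses when it re-sends a truncated query over TCP."""
    return struct.pack("!H", len(msg)) + msg

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-octet DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "is_response": bool(flags & FLAG_QR),
            "tc": bool(flags & FLAG_TC), "qdcount": qd, "ancount": an}

def needs_tcp_retry(response: bytes) -> bool:
    """A UDP response with TC=1 did not fit in 512 octets; the resolver should
    re-ask over TCP, so the firewall must pass TCP/53 as well as UDP/53."""
    hdr = parse_header(response)
    if not hdr["is_response"]:
        raise ValueError("not a DNS response")
    return hdr["tc"]

# Constructed samples: the question section of our query echoed back, with
# flags QR|RD|RA (0x8180) for a complete reply and QR|TC|RD|RA (0x8380) for
# one the server had to truncate.
_QUESTION = build_query("example.com")[12:]
FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _QUESTION
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    q = build_query("example.com")
    print("UDP query bytes:", len(q), "| TCP framed:", len(frame_for_tcp(q)))
    print("retry over TCP?", needs_tcp_retry(TRUNCATED_REPLY), needs_tcp_retry(FULL_REPLY))
```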