Firewall Wizards mailing list archives
Re: dns outbound
From: Lance Spitzner <spitzner () dimension net>
Date: Mon, 17 May 1999 00:55:18 -0400 (EDT)
On Thu, 13 May 1999, Deepak Vaidya wrote:
> I have gotten a request to allow all clients behind a firewall to have unrestricted access to dns servers outside the firewall. Can I get help in coming up with pros and cons of doing that. I tried to search the archives but the search page is not working properly. I am not comfortable in allowing udp packets outbound from all systems. If it helps we are using firewall-1.

Personally, I do not see any harm in allowing DNS outbound through the Firewall (UDP). However, you should have an internal DNS server that everyone is using. To open DNS outbound on Firewall-1, all you need is

    Internal - Any - Domain_UDP - Accept

NOTE: Make sure you are NOT using the default DNS rules in FW-1 Properties settings.

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc