Reply To: Configure Firewall to Accept DNS Requests for Slave Zones

Home Page Forums Network Management Firewall, Traffic Shaping and Net Balancer Configure Firewall to Accept DNS Requests for Slave Zones Reply To: Configure Firewall to Accept DNS Requests for Slave Zones

#53105

derrick
Member

Adding 0.0.0.0/0 as discussed above will add this network range to the “internal-in” view of the named.conf generated by Zeroshell. Recursion and other features are enabled in this view. This opens the instance up to DNS Amplification DDOS attacks: https://www.us-cert.gov/ncas/alerts/TA13-088A.

Alternatively, I tried to add allow-query { 0.0.0.0/0; }; to DNS Options but this did not work. In /tmp/named.conf this was proceeded by allow-query { localclients; }; and I am not sure if this replaces the preceding option. I am still trying to figure out a proper solution.

I am going to create a new post under the Networking forum.