Reply To: Configure Firewall to Accept DNS Requests for Slave Zones


#53105
derrick
Member

Adding 0.0.0.0/0 as discussed above will add this network range to the “internal-in” view of the named.conf generated by Zeroshell. Recursion and other features are enabled in this view. This opens the instance up to DNS amplification DDoS attacks: https://www.us-cert.gov/ncas/alerts/TA13-088A.

Alternatively, I tried to add allow-query { 0.0.0.0/0; }; to DNS Options but this did not work. In /tmp/named.conf this was preceded by allow-query { localclients; }; and I am not sure if this replaces the preceding option. I am still trying to figure out a proper solution.

I am going to create a new post under the Networking forum.
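
An added example, not part of the original post and not Zeroshell code: a Python check that lists the views in a named.conf that would recurse for any source address, which is the condition the post ties to DNS amplification. The sample configuration is constructed, the acl/view layout is an assumption about what Zeroshell generates, and only options set inside a view are considered.

```python
import re

# Constructed sample, not Zeroshell's real output. Assumed layout: an acl named
# "localclients" selects the clients of the "internal-in" view.
SAMPLE = '''
acl localclients { 127.0.0.0/8; 192.168.0.0/24; 0.0.0.0/0; };
view "internal-in" {
    match-clients { localclients; }; recursion yes; allow-query { localclients; };
};
view "external-in" { match-clients { any; }; recursion no; };
'''
OPEN = {"any", "0.0.0.0/0", "::/0"}
# BIND falls back from allow-recursion to allow-query-cache to allow-query.
RECURSION_ACLS = ("allow-recursion", "allow-query-cache", "allow-query")

def parse(tokens):
    """Statements as lists of words; each { } block becomes a nested list."""
    stmts, cur = [], []
    while tokens and (t := tokens.pop(0)) != "}":
        if t == "{":
            cur.append(parse(tokens))
        elif t == ";":
            stmts, cur = stmts + ([cur] if cur else []), []
        else:
            cur.append(t.strip('"'))
    return stmts

def is_open(aml, acls, seen=()):
    """True if an address match list admits every client (negation is not modelled)."""
    def one(head):
        if isinstance(head, list):  # nested { ... } list
            return is_open(head, acls, seen)
        return head in OPEN or (head in acls and head not in seen
                                and is_open(acls[head], acls, seen + (head,)))
    return any(one(item[0]) for item in aml)

def open_resolver_views(conf):
    """Views that recurse for any source (options-level inheritance not modelled)."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # strip comments
    top = parse(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', conf))
    acls = {s[1]: s[2] for s in top if s[0] == "acl"}
    hits = []
    for s in (s for s in top if s[0] == "view"):
        opt = {o[0]: o[1] for o in s[-1] if len(o) > 1}
        acl = next((opt[k] for k in RECURSION_ACLS if k in opt), [])
        if (opt.get("recursion") != "no" and is_open(acl, acls)
                and is_open(opt.get("match-clients", [["any"]]), acls)):
            hits.append(s[1])
    return hits
```

Running `open_resolver_views(open("/tmp/named.conf").read())` applies the same check to the generated file named in the post.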