[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.

MadHat madhat at unspecific.com
Mon Mar 6 10:01:49 CST 2000


MadHat wrote:
> 
> Chris Cox wrote:
> >
> > Jonathan Miller wrote:
> > >
> > > On Wed, 1 Mar 2000, MadHat wrote:
> > >
> > > > > I am curious why you say this?  How is policing UDP any different from
> > > > > TCP, it is still based on IP and port, so why is it more difficult?
> > > >
> > > > OK, you know, I don't remember either. I saw Rusty talk about this and I
> > > > remember there was some huge problem with DNS and its usage of TCP
> > > > and UDP, but I might be confusing this with the problems FTP has with
> > > > ipchains. I've looked around and there doesn't seem to be any problem in only
> > > > allowing access from certain machines.
> > >
> >
> > UDP is more difficult because TCP has a packet header type...with UDP
> > you usually have to dig into the contents of the message to make
> > reasonable/questionable determinations about the message type.
> 
> Are you saying UDP doesn't have headers on its packets?  If so, I am
> almost certain you are incorrect and the ipchains facility will be able
> to filter UDP packets (if designated) the same way that it does the
> TCP/IP packets.
> 
> http://www.tcm.hut.fi/Studies/Tik-110.350/1997/Essays/udp.html
> Is just one reference I found.

http://www.lex-con.com/protocols/tcpip.htm

I like this one too.  Pictures are good.

-- 
%_=split';','f; Perl ;h;st a;o;ker;@;not;.;hac;u;her;d;ju';
print map $_{$_}, split //,
'madhat at unspecific.com'
# aka Lee Heath, but don't tell anyone.
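
Added example, not part of the original thread: a small parser that reads the IPv4 and transport headers of constructed sample packets and applies one address-and-port rule to both protocols, which is the kind of header-based filtering the thread is discussing. The function names, the ALLOWED_CLIENTS policy and the documentation-range addresses are assumptions made for the illustration.

```python
import socket
import struct

ALLOWED_CLIENTS = {"192.0.2.10"}  # assumed policy: hosts allowed to reach DNS

def build_ipv4(proto, src, dst, l4):
    """Build a minimal IPv4 packet for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + l4

def parse(packet):
    """Return (proto, src_ip, src_port, dst_port, tcp_flags or None)."""
    ihl = (packet[0] & 0x0F) * 4
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no transport header")
    proto, l4 = packet[9], packet[ihl:]
    if proto not in (6, 17) or len(l4) < (14 if proto == 6 else 8):
        raise ValueError("not a complete TCP or UDP header")
    # Source and destination port sit at the same offsets in both headers.
    sport, dport = struct.unpack("!HH", l4[:4])
    src = socket.inet_ntoa(packet[12:16])
    # Only TCP has a flags byte (SYN, ACK, ...); the UDP header is just
    # ports, length and checksum.
    flags = l4[13] if proto == 6 else None
    return ("tcp" if proto == 6 else "udp", src, sport, dport, flags)

def allow_dns(packet):
    """Address-and-port rule: identical logic for TCP and UDP."""
    _, src, _, dport, _ = parse(packet)
    return dport == 53 and src in ALLOWED_CLIENTS

# Constructed sample packets (documentation address ranges).
UDP_QUERY = build_ipv4(17, "192.0.2.10", "192.0.2.53",
                       struct.pack("!HHHH", 40000, 53, 8, 0))
TCP_SYN = build_ipv4(6, "192.0.2.10", "192.0.2.53",
                     struct.pack("!HHIIBBHHH", 40001, 53, 1, 0, 0x50, 0x02,
                                 1024, 0, 0))
UDP_OUTSIDER = build_ipv4(17, "198.51.100.7", "192.0.2.53",
                          struct.pack("!HHHH", 40002, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in [("udp query", UDP_QUERY), ("tcp syn", TCP_SYN),
                      ("udp outsider", UDP_OUTSIDER)]:
        print(name, parse(pkt), "ACCEPT" if allow_dns(pkt) else "DENY")
```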



