[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.
Chris Cox
cjcox at acm.org
Sun Mar 12 14:46:39 CST 2000
Oops, you're correct. I guess it's the fact that UDP is connectionless
(no state information is kept..no sequence info...etc.) that
causes the problem. You pretty much are limited to port based filtering...and
even then there could be problems.
MadHat wrote:
>
> MadHat wrote:
> >
> > Chris Cox wrote:
> > >
> > > Jonathan Miller wrote:
> > > >
> > > > On Wed, 1 Mar 2000, MadHat wrote:
> > > >
> > > > > I am curious why you say this? How is policing UDP any different from
> > > > > TCP, it is still based on IP and port, so why is it more difficult?
> > > >
> > > > OK, you know, I don't remember either. I saw Rusty talk about this and I
> > > > remember there was some huge problem with DNS and its usage of TCP
> > > > and UDP, but I might be confusing this with the problems FTP has with
> > > > ipchains. I've looked around and there doesn't seem to be any problem in only
> > > > allowing access from certain machines.
> > > >
> > >
> > > UDP is more difficult because TCP has a packet header type...with UDP
> > > you usually have to dig into the contents of the message to make
> > > reasonable/questionable determinations about the message type.
> >
> > Are you saying UDP doesn't have headers on its packets? If so, I am
> > almost certain you are incorrect and the ipchains facility will be able
> > to filter UDP packets (if designated) the same way that it does the
> > TCP/IP packets.
> >
> > http://www.tcm.hut.fi/Studies/Tik-110.350/1997/Essays/udp.html
> > Is just one reference I found.
>
> http://www.lex-con.com/protocols/tcpip.htm
>
> I like this one too. Pictures are good.
>
> --
> %_=split';','f; Perl ;h;st a;o;ker;@;not;.;hac;u;her;d;ju';
> print map $_{$_}, split //,
> 'madhat at unspecific.com'
> # aka Lee Heath, but don't tell anyone.
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
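
The header difference debated in this thread, as an added example that is not part of any poster's message: it parses the fixed TCP and UDP headers and reports whether the header alone tells a stateless filter that a packet starts a conversation. The function names and the sample segments (client port 40000, DNS port 53) are constructed for illustration.

```python
import struct

def parse_udp(segment: bytes) -> dict:
    """UDP header: 8 bytes of source port, destination port, length, checksum."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport, "length": length, "checksum": checksum}

def parse_tcp(segment: bytes) -> dict:
    """Fixed 20-byte TCP header: ports plus sequence/ack numbers and flag bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(off_flags & 0x02), "ack_flag": bool(off_flags & 0x10)}

def opens_new_flow(proto: str, segment: bytes):
    """What a stateless filter can tell from the transport header alone.

    True/False: the header says whether this packet starts a conversation.
    None: the header carries nothing that answers the question.
    """
    if proto == "tcp":
        h = parse_tcp(segment)
        return h["syn"] and not h["ack_flag"]
    if proto == "udp":
        parse_udp(segment)   # only ports, length and checksum are available
        return None
    raise ValueError("unsupported protocol: " + proto)

# Constructed sample segments (client port 40000, DNS port 53).
TCP_SYN    = struct.pack("!HHIIHHHH", 40000, 53, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
TCP_SYNACK = struct.pack("!HHIIHHHH", 53, 40000, 7000, 1001, (5 << 12) | 0x12, 65535, 0, 0)
UDP_QUERY  = struct.pack("!HHHH", 40000, 53, 8 + 4, 0) + b"\x12\x34\x01\x00"
UDP_REPLY  = struct.pack("!HHHH", 53, 40000, 8 + 4, 0) + b"\x12\x34\x81\x80"

if __name__ == "__main__":
    for name, proto, seg in [("TCP SYN", "tcp", TCP_SYN), ("TCP SYN+ACK", "tcp", TCP_SYNACK),
                             ("UDP query", "udp", UDP_QUERY), ("UDP reply", "udp", UDP_REPLY)]:
        print(name, "->", opens_new_flow(proto, seg))
```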