  1. #1
    Join Date
    Nov 2002

    DNS security problem (iptables)

    Hello to all,

    I have a small problem.
    I would like to secure two DNS machines (a primary and a secondary) with iptables.

    By default I block everything, but even with rules for port 53, it blocks the queries that need to be resolved via the primary, and the secondary does not manage to transfer the zones from the primary ...

    The DNS servers are on public IPs, but to simplify, let's say that:

    The primary DNS is:
    The secondary DNS is:

    Here are the iptables rules I have at present:
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -t nat -X
    iptables -t mangle -X

    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT

    iptables -A INPUT -i lo --source --destination -j ACCEPT
    So with these rules I have quite a lot of problems (resolution, zone transfers).
    I found the rules below on a forum; they seem interesting, but as I don't know iptables, I don't know whether this is what I'm missing or not.
    For information, here is what I found all the same (not tested):

    #iptables -A INPUT -p tcp -s --sport 1024:65535 -d --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    #iptables -A OUTPUT -p tcp -s --sport 53:65535 -d --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    If somebody can help me ...

    Thank you

    PS: the servers run Linux Mandrake.
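The rule set in the post above does not fail on port 53 itself; it fails on the OUTPUT chain. With `-P OUTPUT DROP` and only `ESTABLISHED,RELATED` accepted on OUTPUT, the host can never send the first packet of anything: its own recursive lookups are dropped before they leave, the primary cannot send NOTIFY, and the secondary cannot open the TCP connection that AXFR/IXFR runs over. The following script is an added example, not code from the original post or from either poster. It keeps the poster's DROP-everything policy but adds the NEW rules each role needs. The addresses are placeholders from the RFC 5737 TEST-NET range (the real IPs are not on the page), the `ipt` wrapper and `DRY_RUN` mode are this example's own conventions, and `-m state` is used to match the era of the post (on current kernels `-m conntrack --ctstate` is the equivalent).

```shell
#!/bin/sh
# Added example (not from the original post): a stateful iptables rule set
# for an authoritative DNS pair. Default policy stays DROP on every chain,
# but OUTPUT also gets NEW rules so the server can originate traffic.
# Addresses are placeholders from the RFC 5737 TEST-NET range, since the
# poster's real IPs are not on the page.
PRIMARY=${PRIMARY:-192.0.2.10}      # assumption: primary's public IP
SECONDARY=${SECONDARY:-192.0.2.20}  # assumption: secondary's public IP

# ipt: run iptables, or just print the command when DRY_RUN=1 so the rule
# set can be reviewed (and tested) without root or a netfilter kernel.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# dns_firewall ROLE PEER: load the rules on this host.
#   ROLE is "primary" or "secondary"; PEER is the other server's IP.
dns_firewall() {
    role=$1
    peer=$2
    case $role in
        primary|secondary) ;;
        *) echo "dns_firewall: role must be primary or secondary" >&2; return 2 ;;
    esac

    ipt -F; ipt -t nat -F; ipt -t mangle -F
    ipt -X; ipt -t nat -X; ipt -t mangle -X

    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Loopback first: named, rndc and the local resolver talk over lo.
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to a flow we already accepted, in both directions.
    # The posted rules rely on this alone for OUTPUT, but it only ever
    # matches replies; it never lets the host open a new connection.
    ipt -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT  -m state --state INVALID -j DROP

    # Inbound queries from anyone: UDP for normal queries, TCP for
    # truncated answers and for AXFR/IXFR from the peer. Whether a client
    # may actually transfer a zone is decided in named.conf
    # (allow-transfer), not here.
    ipt -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Outbound queries this host originates: recursion for its own
    # lookups, SOA refresh checks, and NOTIFY (primary -> secondary).
    ipt -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

    # Zone transfers run over TCP and are initiated by the secondary,
    # so only the secondary needs to open TCP/53, and only to its primary.
    if [ "$role" = secondary ]; then
        ipt -A OUTPUT -p tcp -d "$peer" --dport 53 -m state --state NEW -j ACCEPT
    fi

    # Anything else that reaches the end of a chain hits the DROP policy.
    # Log it so a blocked flow shows up in syslog instead of just timing out.
    ipt -A INPUT  -m limit --limit 5/min -j LOG --log-prefix "fw-in-drop: "
    ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "fw-out-drop: "
}

# Usage: [DRY_RUN=1] sh dns-fw.sh primary|secondary PEER_IP
# e.g. on the secondary:  DRY_RUN=1 sh dns-fw.sh secondary "$PRIMARY"
if [ $# -eq 2 ]; then
    dns_firewall "$1" "$2"
fi
```

Run it once with `DRY_RUN=1` on each box and read the printed rules before applying them as root; the LOG rules at the end of each chain are what tell you, from syslog, which flow is still being dropped if a transfer or lookup keeps timing out. Restricting who may pull a zone belongs in `named.conf` (`allow-transfer { <secondary>; };` on the primary), since the firewall has to leave TCP/53 open to everyone for large responses anyway.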

  2. #2
    Join Date
    Mar 2003
    Kathmandu, Nepal
    Maybe this should go in the technical/security forums? I have no clue about this.
    Kevin Ohashi - Founder of - Honest Web Hosting Reviews
    Check out our WordPress Hosting Performance Benchmarks (Updated: Sep 2016), the most comprehensive look at WP performance

  3. #3
    Join Date
    Oct 2004
    San Francisco, CA
    Quote Originally Posted by kohashi
    maybe this should go in technical/security forums?

    And moved.
    Tyler Cole
    Eeek, a Blog
