Quote:
Originally Posted by dmz1213
Code:
listen-on port 53 { 127.0.0.1; 198.4.195.45; };
allow-query { localhost; 192.168.122.0/24; };
If I read this correctly you have a caching-only name server set to serve your 192.168.122.0/24 range only. It should not listen on its public interface.
Quote:
Originally Posted by dmz1213
-A INPUT -i eth+ -j ACCEPT
Apart from re-ordering your rule set I've never seen network device notation using a plus sign...
Quote:
Originally Posted by dmz1213
# dig@198.4.195.45 cnn.com
If you intend the caching-only name server to only serve your LAN, after all you set a strict "allow-query" rule, then what should accessing it via its public IP accomplish?
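
The mismatch this reply points out, as an added example that is not part of the original post: a small check that reports `listen-on` addresses lying outside every `allow-query` network. The function names are hypothetical, the parser assumes flat option lists without comments or nested ACLs, and the input is constructed from the two lines quoted above.

```python
import ipaddress
import re

# Constructed input: the two option lines quoted in the post.
POSTED = """
listen-on port 53 { 127.0.0.1; 198.4.195.45; };
allow-query { localhost; 192.168.122.0/24; };
"""

def elements(conf, option):
    """Return the entries of `option [args] { a; b; };` (flat lists only)."""
    pat = r"(?<![\w-])" + re.escape(option) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    m = re.search(pat, conf)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []

def listeners_outside_allow_query(conf):
    """listen-on addresses that lie outside every allow-query network."""
    allowed = elements(conf, "allow-query")
    if "any" in allowed:
        return []  # queries from anywhere are intended; nothing to flag
    nets = []
    for entry in allowed:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # localhost, localnets or a named ACL: not resolved here
    flagged = []
    for entry in elements(conf, "listen-on"):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # "any", a named ACL or a negated entry
        if not addr.is_loopback and not any(addr in n for n in nets):
            flagged.append(str(addr))
    return flagged

if __name__ == "__main__":
    for a in listeners_outside_allow_query(POSTED):
        print(f"listen-on {a}: no allow-query network contains this address")
```

A flagged address is a listener that accepts packets on port 53 but refuses every query arriving there, which is the situation the `dig` test above runs into.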