unSpawn
04-04-2013 01:51 PM
Quote:
Originally Posted by cliffordw
(Post 4923504)
If it is the name server for a LAN, then it is the first stop for all queries, and needs to respond to legitimate requests for the isc.org domain (either with the root servers if recursion is off, or with the final answer if recursion is on). In such a case the iptables rules should probably be refined to block only requests from the outside, while still allowing them from inside (by physical interface or IP range).
If it is the name server for a LAN then it shouldn't be listening on any public interfaces in the first place ;-p Besides that, and this is more a basic thing, common QTYPES are A, MX or quad A. Apart from a certain stubborn MTA the "wildcard" or ANY QTYPE isn't that commonly seen percentage-wise.
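To check the QTYPE mix on your own resolver before refining the iptables rules, the following added example (not part of either post) parses the question section of DNS queries, tallies QTYPEs, and lists ANY queries arriving from outside the LAN. The 192.168.0.0/24 inside range, the `build_query` helper and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

QTYPE_NAMES = {1: "A", 15: "MX", 28: "AAAA", 255: "ANY"}
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed inside range

def build_query(qname, qtype, txid=0x1234):
    """Build a minimal DNS query payload (helper for the constructed samples)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (qname, qtype) for the first question of a DNS query payload."""
    if len(payload) < 12 or payload[2] & 0x80 or payload[4:6] == b"\x00\x00":
        raise ValueError("not a DNS query")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:
            break
        # Questions in queries carry plain labels; reject pointers and overruns.
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("invalid label")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(payload):
        raise ValueError("truncated question")
    return ".".join(labels), struct.unpack("!H", payload[pos + 1:pos + 3])[0]

def summarize(packets):
    """Tally QTYPEs and collect ANY queries whose source is outside the LAN."""
    counts, outside_any = Counter(), []
    for src, payload in packets:
        qname, qtype = parse_question(payload)
        counts[QTYPE_NAMES.get(qtype, str(qtype))] += 1
        if qtype == 255 and ipaddress.ip_address(src) not in LAN:
            outside_any.append((src, qname))
    return counts, outside_any

SAMPLE = [  # constructed (source address, UDP payload) pairs
    ("192.168.0.10", build_query("www.example.com", 1)),
    ("192.168.0.11", build_query("example.com", 15)),
    ("192.168.0.10", build_query("example.com", 28)),
    ("192.168.0.12", build_query("isc.org", 255)),
    ("203.0.113.5", build_query("ISC.ORG", 255)),
]
```
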