Yeah, that is a very good idea to tighten up the settings to the ISP DNS. So in that regard, if I wanted to use the internal machine as a nameserver for a public website, would it still be able to hand out replies to DNS requests?
Basically, would limiting the outgoing rules on the nameserver and forwarding rules on the firewall to just the ISP nameservers prevent the internal nameserver from responding to public requests?
As I was reading the iptables tutorial on ESTABLISHED and RELATED connections, it sounded like it might not matter, as we set the rules to allow connections that have been established, which would allow a response to be sent. However, please let me know if I am misinterpreting this or you think I am mistaken. Thanks for all your help.