[NTLUG:Discuss] opinions on where to run DNS server..... firewall vs main server.
Chris Cox
cjcox at acm.org
Fri Mar 3 22:57:15 CST 2000
Jonathan Miller wrote:
>
> On Wed, 1 Mar 2000, MadHat wrote:
>
> > I am curious why you say this? How is policing UDP any different from
> > TCP, it is still based on IP and port, so why is it more difficult?
>
> OK, you know, I don't remember either. I saw Rusty talk about this and I
> remember there was some huge problem with DNS and its usage of TCP
> and UDP, but I might be confusing this with the problems FTP has with
> ipchains. I've looked around and there doesn't seem to be any problem in only
> allowing access from certain machines.
>
UDP is more difficult because TCP has a packet header type...with UDP
you usually have to dig into the contents of the message to make
reasonable/questionable determinations about the message type.
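
An added example, not part of the original message: it reads "packet header type" as the TCP control flags and shows that a filter can classify a TCP segment from its fixed header, while a UDP datagram on port 53 has to have its DNS payload parsed to tell a query from a response. The function names and the sample packets are constructed for illustration.

```python
import struct

# TCP control flag bits, stored in byte 13 of the TCP header
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10

def classify_tcp(segment: bytes) -> str:
    """Classify a TCP segment using only its fixed 20-byte header."""
    if len(segment) < 20:
        return "malformed"
    flags = segment[13]
    if flags & TCP_RST:
        return "reset"
    if flags & TCP_SYN:
        return "syn-ack" if flags & TCP_ACK else "new-connection"
    if flags & TCP_FIN:
        return "close"
    return "established" if flags & TCP_ACK else "malformed"

def classify_dns_udp(datagram: bytes) -> str:
    """Classify a port-53 UDP datagram; the UDP header carries no message
    type, so the DNS header inside the payload has to be read."""
    if len(datagram) < 8 + 12:          # 8-byte UDP header + 12-byte DNS header
        return "malformed"
    _sport, _dport, length, _cksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return "malformed"
    _txid, dns_flags, qdcount = struct.unpack("!HHH", datagram[8:14])
    if dns_flags & 0x8000:              # QR bit set: this is a response
        return "response"
    return "query" if qdcount >= 1 else "malformed"

# --- constructed sample packets (not captured traffic) ---
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # A / IN

def tcp_header(flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", 40000, 53, 1, 0, 5 << 4, flags, 8192, 0, 0)

def udp_dns(dns_flags: int, qdcount: int = 1) -> bytes:
    dns = struct.pack("!HHHHHH", 0x1234, dns_flags, qdcount, 0, 0, 0) + QUESTION
    return struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns

if __name__ == "__main__":
    print(classify_tcp(tcp_header(TCP_SYN)))   # decided from the header alone
    print(classify_dns_udp(udp_dns(0x0100)))   # decided from the payload
    print(classify_dns_udp(udp_dns(0x8180)))
```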