Is it necessary to permit udp eq domain through firewall?

Answered Question
Aug 25th, 2009

In the firewall configuration I inherited, I see the firewall allows inbound DNS packets when coming from a designated external DNS server, for example:

access-list 101 permit udp host 206.13.31.12 eq domain host <myNetOutsideAddress>

Is it necessary or desirable to do this? If this were TCP I think the answer would be "no" since DNS is a connectionless protocol, but for UDP I am unsure.

My network has an internal DNS server for internal name lookup, but the internal names are neither usable nor intended to be used from outside.
