08-25-2009 05:15 AM - edited 03-06-2019 07:24 AM
In the firewall configuration I inherited, I see the firewall allows inbound DNS packets when coming from a designated external DNS server, for example:
access-list 101 permit udp host 206.13.31.12 eq domain host <myNetOutsideAddress>
Is it necessary or desirable to do this? If this were TCP I think the answer would be "no" since DNS is a connectionless protocol, but for UDP I am unsure.
My network has an internal DNS server for internal name lookup, but the internal names are neither usable nor intended to be used from outside.
08-25-2009 05:21 AM
No - this will allow any "un-triggered/un-requested" DNS updates to be sent to your DNS server.
If any clients on your "inside" need to resolve, as long as you are not blocking inside<>outside, then the DNS reply that was initiated from the inside will be dynamically allowed through.
HTH
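To make the answer concrete, here is an added toy model (not code from the original thread or from Cisco) that replays the same three datagrams through two firewalls: one carrying a static entry equivalent to the questioner's `access-list 101 permit udp host 206.13.31.12 eq domain host <myNetOutsideAddress>`, and one with no inbound permit that instead opens a short-lived return pin-hole when an inside host sends a query. The outside address 198.51.100.10, the ephemeral port 40000 and the 30-second pin-hole lifetime are constructed for illustration; 206.13.31.12 is the server named in the question.

```python
"""Toy model of the two inbound-DNS rule styles discussed above.

Added example, not from the original thread.  It contrasts (a) a static ACL
entry permitting inbound UDP from the external DNS server, as in the question,
with (b) a stateful firewall that opens a return pin-hole when an inside host
sends a query and admits only a matching reply.  OUTSIDE_ADDR, the ephemeral
port and the pin-hole lifetime are constructed values.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

EXTERNAL_DNS = "206.13.31.12"     # the external DNS server from the ACL in the question
OUTSIDE_ADDR = "198.51.100.10"    # constructed stand-in for <myNetOutsideAddress>
DNS_PORT = 53
PINHOLE_LIFETIME = 30.0           # seconds a return pin-hole stays open (constructed)

FlowKey = Tuple[str, int, str, int]   # (src, sport, dst, dport) as seen on the outside interface


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str = "in"   # "in" arrives from the outside, "out" leaves toward the outside
    proto: str = "udp"


class StaticAclFirewall:
    """Models 'access-list 101 permit udp host 206.13.31.12 eq domain host <outside>'.

    Any UDP datagram that merely claims to come from the DNS server's port 53 is
    admitted, whether or not anything inside asked for it.
    """

    def process(self, pkt: Packet, now: float) -> bool:
        if pkt.direction == "out":
            return True               # outbound traffic is not filtered in this model
        return (pkt.proto == "udp" and pkt.src == EXTERNAL_DNS
                and pkt.sport == DNS_PORT and pkt.dst == OUTSIDE_ADDR)


class StatefulFirewall:
    """No static inbound permit.  An outbound UDP query records the reversed
    5-tuple as a pin-hole; an inbound datagram is admitted only if it matches an
    unexpired pin-hole, which this model then closes (one reply per query)."""

    def __init__(self) -> None:
        self._pinholes: Dict[FlowKey, float] = {}   # flow -> expiry time

    def process(self, pkt: Packet, now: float) -> bool:
        self._expire(now)
        if pkt.direction == "out":
            # Remember the flow the reply must match: server:53 -> our src:sport.
            self._pinholes[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = now + PINHOLE_LIFETIME
            return True
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.proto == "udp" and key in self._pinholes:
            del self._pinholes[key]
            return True
        return False                  # unsolicited: nobody inside asked for it

    def _expire(self, now: float) -> None:
        for key in [k for k, t in self._pinholes.items() if t <= now]:
            del self._pinholes[key]

    def open_pinholes(self) -> int:
        return len(self._pinholes)


def run_scenario() -> Dict[str, bool]:
    """Replay the same traffic through both firewalls and report what got in."""
    query = Packet(OUTSIDE_ADDR, 40000, EXTERNAL_DNS, DNS_PORT, direction="out")
    reply = Packet(EXTERNAL_DNS, DNS_PORT, OUTSIDE_ADDR, 40000)
    # Nobody asked for this one: a datagram with the DNS server's address and
    # port 53 as source (trivial to spoof over UDP) aimed at our own port 53.
    unsolicited = Packet(EXTERNAL_DNS, DNS_PORT, OUTSIDE_ADDR, DNS_PORT)

    results: Dict[str, bool] = {}
    for name, fw in (("static", StaticAclFirewall()), ("stateful", StatefulFirewall())):
        fw.process(query, now=0.0)
        results[f"{name}_reply"] = fw.process(reply, now=1.0)
        results[f"{name}_unsolicited"] = fw.process(unsolicited, now=2.0)
        # A reply that shows up long after the query it answers was sent.
        fw.process(query, now=10.0)
        results[f"{name}_late_reply"] = fw.process(reply, now=10.0 + PINHOLE_LIFETIME + 1)
    return results


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k:22s} {'permit' if v else 'deny'}")
```

Run it and the static ACL admits all three datagrams, including the unsolicited one aimed at the internal DNS service, because a UDP source address and port cost an attacker nothing to forge. The stateful model admits only the reply that answers an outstanding query and drops both the unsolicited datagram and the reply that arrives after the pin-hole has expired. The model matches on the 5-tuple only; a real inspection engine can additionally check application-layer fields such as the DNS transaction ID, which tightens the match further.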