Hello, I would like to know what the recommended ACL is to configure on a router to provide a public DNS service.
I know the basics: permit eq domain, deny special-use IP addresses (10.0.0.0/8, 192.168.0.0/16, ...), block everything else.
Do I need to open upper ports? Any ACL with established?
I would like suggestions to configure a solid ACL.
For transfers from another DNS server to yours (make sure this is correct; it can be very dangerous):
permit tcp host [remote DNS server] host [your DNS server's public IP] eq 53
For external people querying your DNS servers for DNS lookups:
permit udp any host [your DNS server's public IP] eq 53
Hope that helps.
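The two permit lines from the answer above, placed into a complete Cisco IOS extended named ACL, as an added example that is not part of the original thread. The addresses are placeholders taken from the documentation ranges (203.0.113.10 stands for your DNS server's public IP, 198.51.100.5 for the remote secondary that is allowed to pull zone transfers, 203.0.113.0/24 for your own public prefix), and the interface name is assumed; replace all of them with your own values. The ACL is meant to be applied inbound on the Internet-facing interface, so the special-use source ranges the question mentions are dropped first, then only the two DNS permits follow, and the final deny logs whatever else reaches the server.

```cisco
! Added example, not from the original post. Placeholders:
!   203.0.113.10   your DNS server's public IP
!   198.51.100.5   remote secondary DNS server allowed to transfer zones
!   203.0.113.0/24 your own public prefix (must never appear as a source from outside)
ip access-list extended DNS-PUBLIC-IN
 remark --- anti-spoofing: sources that must never arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 deny   ip 0.0.0.0 0.255.255.255 any
 deny   ip 224.0.0.0 15.255.255.255 any
 remark --- our own prefix as a source on the outside interface is spoofed
 deny   ip 203.0.113.0 0.0.0.255 any
 remark --- zone transfers (AXFR/IXFR) over TCP, only from the named secondary
 permit tcp host 198.51.100.5 host 203.0.113.10 eq 53
 remark --- DNS lookups from anyone over UDP
 permit udp any host 203.0.113.10 eq 53
 remark --- everything else towards the server is dropped and logged
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Outside / Internet-facing (interface name is an assumption)
 ip access-group DNS-PUBLIC-IN in
```

Two caveats worth knowing when you deploy this. First, standard DNS also uses TCP port 53 for responses too large for UDP (the client retries over TCP when the UDP answer is truncated), so an authoritative server that serves large records may need `permit tcp any host 203.0.113.10 eq 53` as well; if you add that line, the router no longer restricts who can attempt a zone transfer, and the transfer restriction must then be enforced on the name server itself (for example with an allow-transfer list). Second, an `established` entry is only needed for return traffic of TCP connections the server itself opens outward, for instance if it is also a secondary pulling zones from elsewhere; a stateless ACL cannot safely handle return traffic for a recursive resolver's outbound UDP queries, which is a case for a stateful feature (reflexive ACLs or a zone-based firewall) rather than opening high ports.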