kerio DNS rules

Discussion in 'other firewalls' started by iceni60, Feb 12, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i lost my Kerio 2.1.5 rules when i did a system restore and the backup i had isn't very good. i'm trying to configure my DNS rules. i'm using BZ's rules and he has two rules called primary and secondary DNS server. if i do ipconfig /all it shows two DNS servers, they are what i am using. do these DNS rules look OK? thanks
     

    Attached Files:

  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi iceni60

    Those rules look fine :)

    Once in a blue moon DNS will use TCP outbound. If you should start to see these being blocked you could modify your rules:

    Permit, Inbound, UDP, local 1024-5000, remote 53, remote IP DNS server.
    Permit, Outbound, TCP/UDP, local 1024-5000, remote 53, remote IP DNS server.

    Regards,

    CrazyM
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, CrazyM :) i was going to ask about that, i would have thought it would mainly use TCP, obviously not, shows how much i know. it looks like throughout the loading of a page the browser will send out a UDP DNS request, load that bit of data, then ask for the next bit, using another DNS request, then load that, so throughout the loading of a page there will be lots of little UDP datagrams. it makes sense now, i was just watching how it works with a packet sniffer. is that correct? :)
     
  4. ghost16825

    ghost16825 Registered Member

    Joined:
    Feb 1, 2005
    Posts:
    84
    According to the RFC, TCP will be used for transfers over 512 bytes. It probably occurs more rarely than a blue moon. I do not believe this behaviour justifies a rule, but that's just me - I have never seen it occur in everyday use.

    On another note, DNS bears many similarities to HTTP even though HTTP is a TCP protocol. Hence you can see why HTTP or DNS is used for covert channels.
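Added example, not part of the thread or of Kerio itself: a small Python model of the lookup discussed above, showing how a reply with the DNS truncation (TC) bit set leads to a TCP retry that a UDP-only rule pair blocks and the modified rules permit. The `UDP_ONLY` rule set, the resolver address, the default-block behaviour and all function names are assumptions made for the illustration; the original rules were in an attachment that is not shown.

```python
import struct

TC_FLAG = 0x0200            # truncation bit in the DNS header flags word (RFC 1035)
DNS_SERVER = "192.0.2.53"   # constructed address (TEST-NET-1) standing in for the ISP resolver

# Rule = (direction, protocols, local port range, remote port, remote IP).
# UDP_ONLY is an assumed starting point; MODIFIED mirrors the two rules quoted in the thread.
UDP_ONLY = [("out", {"udp"}, (1024, 5000), 53, DNS_SERVER),
            ("in", {"udp"}, (1024, 5000), 53, DNS_SERVER)]
MODIFIED = [("in", {"udp"}, (1024, 5000), 53, DNS_SERVER),
            ("out", {"tcp", "udp"}, (1024, 5000), 53, DNS_SERVER)]

def build_response(txid, truncated):
    """Constructed 12-byte DNS response header with no records, for illustration."""
    flags = 0x8180 | (TC_FLAG if truncated else 0)   # QR=1, RD=1, RA=1
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

def is_truncated(message):
    """True when the server set TC, telling the client to retry over TCP."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)

def permitted(rules, direction, proto, local_port, remote_port, remote_ip):
    """First matching permit rule wins; unmatched traffic is blocked (assumed default)."""
    for d, protos, (lo, hi), rport, rip in rules:
        if (d == direction and proto in protos and lo <= local_port <= hi
                and remote_port == rport and remote_ip == rip):
            return True
    return False

def resolve(rules, response, local_port=1053):
    """Walk one lookup: UDP query out, UDP reply in, TCP retry if TC is set."""
    if not permitted(rules, "out", "udp", local_port, 53, DNS_SERVER):
        return "udp query blocked"
    if not permitted(rules, "in", "udp", local_port, 53, DNS_SERVER):
        return "udp reply blocked"
    if not is_truncated(response):
        return "answered over udp"
    # Assumption: an outbound TCP permit covers the whole connection, replies included.
    if not permitted(rules, "out", "tcp", local_port, 53, DNS_SERVER):
        return "tcp retry blocked"
    return "answered over tcp"
```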
     