No browsing.... A common access-list pitfall is forgetting to allow DNS (Domain Name System) traffic between the internal network and the provider's DNS servers. This is mainly a problem on home or small-office routers, where you may not be running an internal DNS server. The following commands allow DNS access from your hosts to the outside DNS servers. In this example, the outside DNS servers are 192.168.30.11 and 192.168.30.12.
access-list 110 remark DNS replies from the provider's servers (UDP source port 53) to client ephemeral ports above 1023
access-list 110 permit udp host 192.168.30.11 eq domain any gt 1023
access-list 110 permit udp host 192.168.30.12 eq domain any gt 1023
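To see exactly which packets the two entries above let through, here is an added example (not from the original post) that evaluates access-list 110 against a few constructed packets, using the post's server addresses and a made-up client address 10.0.0.5. It shows the first-match-wins order, the implicit deny at the end of every access list, and that the entries match UDP replies from the servers' port 53 to a client port above 1023.

```python
from dataclasses import dataclass

# The outside DNS servers from the post; the order is the order of the ACL entries.
DNS_SERVERS = ("192.168.30.11", "192.168.30.12")

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port

def entry_matches(pkt: Packet, server: str) -> bool:
    """One 'permit udp host <server> eq domain any gt 1023' entry as a predicate."""
    return (pkt.proto == "udp"
            and pkt.src == server   # host <server>
            and pkt.sport == 53     # eq domain
            and pkt.dport > 1023)   # any gt 1023: the client's ephemeral port

def acl_110(pkt: Packet) -> str:
    """Evaluate access-list 110: entries are tried in order, first match wins."""
    for server in DNS_SERVERS:
        if entry_matches(pkt, server):
            return "permit"
    return "deny"  # every access list ends with an implicit deny

def evaluate_samples() -> dict:
    """Constructed sample packets (hypothetical client 10.0.0.5) and their results."""
    samples = {
        "udp reply from .11 to ephemeral port":   Packet("udp", "192.168.30.11", 53, "10.0.0.5", 51234),
        "udp reply from .12 to port 1024":        Packet("udp", "192.168.30.12", 53, "10.0.0.5", 1024),
        "udp reply to port 1023 (not gt 1023)":   Packet("udp", "192.168.30.11", 53, "10.0.0.5", 1023),
        "tcp reply from .11 (DNS over TCP)":      Packet("tcp", "192.168.30.11", 53, "10.0.0.5", 51234),
        "udp reply from a server not in the ACL": Packet("udp", "192.168.30.13", 53, "10.0.0.5", 51234),
        "udp query from the client to .11":       Packet("udp", "10.0.0.5", 51234, "192.168.30.11", 53),
    }
    return {name: acl_110(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{decision:6} {name}")
```

The entries are stateless, so a reply carried over TCP (used when an answer does not fit in a UDP datagram) is denied by this list as written.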
Sunday, March 30, 2008
Network Tip No. 37: ACL on DNS