
Packet-Filter-Rule for round-robin-DNS-Addresses?

Hello,

I want to allow one of our servers to query the following Hosts using NTP:
 
      
  • 0.de.pool.ntp.org  
  • 1.de.pool.ntp.org  
  • 2.de.pool.ntp.org  
  • de.pool.ntp.org  
[/list] 

Each of these hostnames has 12 IPs and they change every hour (round-robin).
Does it make sense to define a network group of 4 "DNS hostnames", when the IP addresses change every hour?

(I want to define a packet-filter-rule to allow NTP-traffic to all of these 4 hostnames)


  • thran,

    Why do you want to make special rules for that?

    Do you see any security problem if your rule is:

    internal - ntp - any allow

    You only open port 123 for outgoing traffic to any NTP server, but no incoming or suspicious ports.

    I also use the pool.ntp.org addresses with the one rule above.
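An added example, not part of the original posts: a small simulation of the situation in the question, where a packet-filter rule built from DNS hostnames only allows the addresses the firewall itself last resolved. The 12 addresses per name and the hourly change come from the question; the pool of 48 addresses, the rotation model, the poll interval and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed pool of 48 servers in TEST-NET-1 (documentation addresses, not real NTP hosts).
POOL = [ipaddress.ip_address("192.0.2.1") + i for i in range(48)]
ANSWER_SIZE = 12   # from the question: each hostname has 12 IPs
ROTATE_MIN = 60    # from the question: the IPs change every hour


def dns_answer(minute):
    """Assumed round-robin model: each hour the name returns the next 12 pool addresses."""
    start = (minute // ROTATE_MIN) * ANSWER_SIZE % len(POOL)
    return {POOL[(start + i) % len(POOL)] for i in range(ANSWER_SIZE)}


def simulate(fw_refresh_min, client_resolve_min, fw_offset=0,
             duration_min=24 * 60, poll_min=16):
    """Return (sent, dropped) NTP polls over duration_min minutes.

    The firewall rebuilds its allow-list from DNS every fw_refresh_min minutes,
    starting at fw_offset. The server behind it re-resolves the same name every
    client_resolve_min minutes and polls one address from its own answer.
    """
    sent = dropped = 0
    allowed, client_ips = set(), []
    for t in range(duration_min):
        if t >= fw_offset and (t - fw_offset) % fw_refresh_min == 0:
            allowed = dns_answer(t)               # firewall's view of the name
        if t % client_resolve_min == 0:
            client_ips = sorted(dns_answer(t))    # server's view of the name
        if t % poll_min == 0:
            target = client_ips[(t // poll_min) % len(client_ips)]
            sent += 1
            if target not in allowed:             # rule matches resolved IPs only
                dropped += 1
    return sent, dropped


if __name__ == "__main__":
    cases = {
        "firewall and server resolve together, hourly": (60, 60, 0),
        "firewall refreshes every 4 hours": (240, 60, 0),
        "hourly refresh, but 30 minutes out of step": (60, 60, 30),
    }
    for label, (fw, client, offset) in cases.items():
        sent, dropped = simulate(fw, client, fw_offset=offset)
        print(f"{label}: {dropped}/{sent} polls dropped")
```

In this model the hostname-based rule is lossless only when the firewall's resolution stays in step with the server's own lookups; the `internal - ntp - any allow` rule from the reply has no such dependency because it does not match on destination address.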