Disable Bind's response to version queries and zone xfer requests

Ronald Procopio RonaldMarkProcopio at netscape.net
Wed Aug 18 00:39:21 UTC 1999



Barry Margolin wrote:
> 
> In article <37B8BDD6.5B8D938D at netscape.net>,
> Ronald Procopio  <RonaldMarkProcopio at netscape.net> wrote:
> >Under Bind 4 there is an option called SECURE_ZONE (yes I know there is
> >an underline - I believe that's right) that you can use in the BIND zone
> >file to limit transfer and queries of that specific zone.
> 
> SECURE_ZONE restricts *all* queries, not just zone transfers.  And it's
> gone in BIND 8 (the "allow-query" option in named.conf serves the same
> purpose).  If you want to restrict zone transfers in BIND 4.9.x you use
> "xfrnets" in named.boot.
> 
> BTW, why do you imply that there might be something wrong with the
> underscore?  The only place where underscores aren't allowed is in
> hostnames, and SECURE_ZONE isn't a hostname.  In fact, they probably put
> the underscore in the name precisely to avoid conflicting with a potential
> hostname.
> 
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

Because the syntax is the same as any TXT records would be.

It isn't a master file directive like $ORIGIN as it doesn't start with
a $.  Therefore it is a leftvalue, which is normally a "host".  I don't know
how it is set up in the code; I've never looked - it may be treated as a
directive even though it uses a host syntax.  And I'd like to point out
that he was looking for a way to restrict QUERIES for version.bind.
Whether this would work or BIND might say he's redefining the zone I don't
know.  I was giving the requestor a possibility using BIND4 that he
might be able to use.

(Why would anyone transfer the version.bind chaos domain?)

