Disable Bind's response to version queries and zone xfer requests
Ronald Procopio
RonaldMarkProcopio at netscape.net
Wed Aug 18 00:43:59 UTC 1999
Barry Margolin wrote:
>
> In article <37B8BDD6.5B8D938D at netscape.net>,
> Ronald Procopio <RonaldMarkProcopio at netscape.net> wrote:
> >Under Bind 4 there is an option called SECURE_ZONE (yes I know there is
> >an underline - I belive that's right) that you can use in the BIND zone
> >file to limit transfer and queries of that specific zone.
>
> SECURE_ZONE restricts *all* queries, not just zone transfers. And it's
> gone in BIND 8 (the "allow-query" option in named.conf serves the same
> purpose). If you want to restrict zone transfers in BIND 4.9.x you use
> "xfrnets" in named.boot.
>
> BTW, why do you imply that there might be something wrong with the
> underscore? The only place where underscores aren't allowed is in
> hostnames, and SECURE_ZONE isn't a hostname. In fact, they probably put
> the underscore in the name precisely to avoid conflicting with a potential
> hostname.
>
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
That si what he was asking for - yes he would be better off upgrading
but his question regarded the version.bind cahso domain and wasy to
restrict QUERIES using bind4. I was giveing him a possibility. I have
no IDEA if you can even redefine VERSION.BIND. or not using a zone file.
It's not something I worried about - If I wanted it changed I would
change it before compiling. like IBM does (VERSION.BIND. on a AIX
distribited bind has the conmpiler informatin not the bind version).
More information about the bind-users
mailing list