Disable Bind's response to version queries and zone xfer requests

Ronald Procopio RonaldMarkProcopio at netscape.net
Wed Aug 18 00:43:59 UTC 1999



Barry Margolin wrote:
> 
> In article <37B8BDD6.5B8D938D at netscape.net>,
> Ronald Procopio  <RonaldMarkProcopio at netscape.net> wrote:
> >Under Bind 4 there is an option called SECURE_ZONE (yes I know there is
> >an underline - I believe that's right) that you can use in the BIND zone
> >file to limit transfer and queries of that specific zone.
> 
> SECURE_ZONE restricts *all* queries, not just zone transfers.  And it's
> gone in BIND 8 (the "allow-query" option in named.conf serves the same
> purpose).  If you want to restrict zone transfers in BIND 4.9.x you use
> "xfrnets" in named.boot.
> 
> BTW, why do you imply that there might be something wrong with the
> underscore?  The only place where underscores aren't allowed is in
> hostnames, and SECURE_ZONE isn't a hostname.  In fact, they probably put
> the underscore in the name precisely to avoid conflicting with a potential
> hostname.
> 
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


That is what he was asking for - yes he would be better off upgrading
but his question regarded the version.bind chaos domain and ways to
restrict QUERIES using bind4.  I was giving him a possibility.  I have
no IDEA if you can even redefine VERSION.BIND. or not using a zone file.

It's not something I worried about - If I wanted it changed I would
change it before compiling, like IBM does (VERSION.BIND. on an AIX
distributed bind has the compiler information not the bind version).
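
The version query discussed in this thread, as an added example that is not part of the original messages: it builds the wire-format query for version.bind (class CH, type TXT) and decodes the TXT answer, so an administrator can see what their own server discloses. The function names and the sample reply are constructed for illustration.

```python
import struct
CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class, TXT record type

def encode_name(name):
    """Encode a dotted name as DNS length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_version_query(qid=0x1234):
    """Build the wire-format query for version.bind, class CH, type TXT."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name("version.bind") + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer is two bytes long
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_version_answer(msg):
    """Return the CH TXT strings in the answer section, or [] if refused or empty."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F != 0 or an == 0:  # non-zero RCODE or no answer records
        return []
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            i = 0
            while i < len(rdata):  # TXT rdata is a run of length-prefixed strings
                texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
    return texts

def constructed_response(text):
    """Constructed sample reply (not captured traffic) carrying one TXT string."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)  # QR, AA, RD, RA; RCODE 0
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return hdr + build_version_query()[12:] + rr
```

Sending the bytes from build_version_query() to your own server on UDP port 53 and passing the reply to parse_version_answer() shows what it discloses; an empty list means the query was refused or returned no answer.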

