how to configure BIND to deny the nslookup's ls command

[Cricket Liu]

> How to configure BIND 8.2.1 to deny the client's nslookup request to ls
> all the hosts within your domain?

The allow-transfer substatement ("ls" is just a zone transfer):

zone "acmebw.com" {
    type master;
    file "db.acmebw.com";
    allow-transfer { 192.168.0.1; };
};

Remember to use it on slaves, too:  It's just as easy to transfer a zone off
of a slave.

cricket