host -l

Thor Kottelin thor at anta.net
Sun Apr 9 13:18:46 UTC 2000



"Michael Vincent K. Pozon - CompE" wrote:
> 
> I already configured allow-transfer in general and it works great, it will
> not approve an AXFR from an unauthorized request but what I'm concerned about
> is the command "host -l mydomain.com" ... how do I restrict to not output
> valuable domain data to an unauthorized request ...

I'm not very familiar with the host command, but I just tried it on a
Linux box, and what it seems to do is pull a zone transfer. Have you
configured all your authoritative servers to allow zone transfers only to
designated secondaries?

If you need more detailed help with troubleshooting your domain, please
tell us its real name instead of this mydomain.com riddle.

Thor


> On Sun, 9 Apr 2000, Thor Kottelin wrote:

> > BIND Users Mailing List wrote:
> >
> > > From: "Michael Vincent K. Pozon - CompE" <vince at trinity.cebu.pilnet.com>
> >
> > >  the slave will output zone entries to the unauthorized
> > > user because my slave DNS doesn't have an allow-transfer set yet.  anyways
> > > ... is that why an unauthorized request of 'host -l mydomain.com' is not
> > > restricted ?
> >
> > IIRC, zone transfers are allowed by default. If you need to know why no
> > restrictions have been set, you should probably ask whoever configured
> > your server. Anyway, if you don't want to allow the world to pull zones,
> > use the allow-transfer option to deny access (assuming BIND 8).

-- 
Plain old email is very insecure. Please make it
a little safer for yourself and me by using PGP.
FAQ: <URL:http://www.pgp.net/pgpnet/pgp-faq/>.
My public keys are available from key servers.
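
The situation discussed in this thread (a slave with no allow-transfer still answers `host -l`) can be checked per server by auditing its named.conf. The script below is an added example, not part of the original messages or of BIND itself; the zone names, addresses and the `open_zones` helper are constructed for illustration, and it assumes the behaviour stated in the thread that transfers are allowed when no allow-transfer is set.

```python
import re

# Constructed sample (not from the thread): a BIND 8 slave's named.conf.
# Zone names and addresses are placeholders.
SLAVE_CONF = '''
options { directory "/var/named"; };   // no global allow-transfer
zone "example.com" {                   # inherits the permissive default
    type slave; masters { 192.0.2.1; }; file "sec/example.com";
};
zone "example.net" {
    type slave; masters { 192.0.2.1; }; file "sec/example.net";
    allow-transfer { none; };          /* explicitly closed */
};
'''

def _block(text, start):
    """Body of the first brace-delimited block at or after `start`."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        depth += (text[j] == "{") - (text[j] == "}")
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces in configuration")

def _acl(body):
    """allow-transfer entries in a block body, or None when the option is absent.
    Assumes a flat match list (no nested { } inside allow-transfer)."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [t.strip() for t in m.group(1).split(";") if t.strip()]

def open_zones(conf):
    """Zones whose effective allow-transfer is unset or contains 'any'."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    opt = re.search(r"\boptions\s*\{", conf)
    default = _acl(_block(conf, opt.start())) if opt else None
    findings = []
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = _acl(_block(conf, z.start()))
        if acl is None:            # a zone-level setting overrides options
            acl = default
        if acl is None or "any" in acl:
            findings.append(z.group(1))
    return findings

if __name__ == "__main__":
    for name in open_zones(SLAVE_CONF):
        print(f"{name}: zone transfers not restricted")
```

Run it against the configuration of every authoritative server for the zone, secondaries included, since each one answers transfer requests according to its own settings.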



