host -l

Michael Vincent K. Pozon - CompE vince at trinity.cebu.pilnet.com
Mon Apr 10 03:12:51 UTC 2000


oks .. that's a good help ..
i thought of that before but i was thinking if there's any other configs i
missed ;) ..thnx


On Sun, 9 Apr 2000, Garry wrote:

> 
> 
> make sure you add the allow-transfers line to ALL of your secondaries too.
> I've come up with that problem. If it can't get to the primary it will try
> secondaries.
> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Michael Vincent K. Pozon - CompE
> Sent: Sunday, April 09, 2000 10:02 PM
> To: Thor Kottelin
> Cc: BIND Users Mailing List
> Subject: Re: host -l
> 
> 
> 
> what i'm trying to do is to restrict an unauthorized host requesting
> for "host -l mydomain.com" ...
> 
> for example .. if i do this command from my linux box:
> 
> [vince at prophecy vince]$ host -l rutgers.edu
> Rutgers.EDU name server dns1.Rutgers.EDU
> Rutgers.EDU name server dns2.Rutgers.EDU
> Rutgers.EDU name server dns3.Rutgers.EDU
> Rutgers.EDU name server turtle.mcc.com
> Rutgers.EDU has address 165.230.4.76
> grad03.Rutgers.EDU has address 128.6.20.29
> dgcacook4.Rutgers.EDU has address 128.6.87.158
> grad04.Rutgers.EDU has address 128.6.20.30
> ...
> ...
> ..
> .
> 
> notice the output of that command , it reveals all the hosts under the
> domain rutgers.edu ... my point is , i want to configure the DNS of
> rutgers.edu in such a way that if i issue the command , as stated above,
> there will be no output revealing the hosts ... but instead , an
> "Unapproved request" or something like that ..
> 
> any idea ?
> i already configured named.conf with allow-transfer option but the thing
> still works :(
> 
> 
> 
> 
> 
> On Sun, 9 Apr 2000, Thor Kottelin wrote:
> 
> >
> >
> > "Michael Vincent K. Pozon - CompE" wrote:
> > >
> > > i already configured allow-transfer in general and it works great, it will
> > > not approve an AXFR from an unauthorized request but what i'm concerned about
> > > is the command "host -l mydomain.com" ... how do i restrict to not output
> > > valuable domain data to unauthorized request ...
> >
> > I'm not very familiar with the host command, but I just tried it on a
> > Linux box, and what it seems to do is pull a zone transfer. Have you
> > configured all your authoritative servers to allow zone transfers only to
> > designated secondaries?
> >
> > If you need more detailed help with troubleshooting your domain, please
> > tell us its real name instead of this mydomain.com riddle.
> >
> > Thor
> >
> >
> > > On Sun, 9 Apr 2000, Thor Kottelin wrote:
> >
> > > > BIND Users Mailing List wrote:
> > > >
> > > > > From: "Michael Vincent K. Pozon - CompE" <vince at trinity.cebu.pilnet.com>
> > > >
> > > > >  the slave will output zone entries to the unauthorized
> > > > > user because my slave DNS doesn't have an allow-transfer set yet. anyways
> > > > > ... is that why an unauthorized request of 'host -l mydomain.com' is not
> > > > > restricted ?
> > > >
> > > > IIRC, zone transfers are allowed by default. If you need to know why no
> > > > restrictions have been set, you should probably ask whoever configured
> > > > your server. Anyway, if you don't want to allow the world to pull zones,
> > > > use the allow-transfer option to deny access (assuming BIND 8).
> >
> > --
> > Plain old email is very insecure. Please make it
> > a little safer for yourself and me by using PGP.
> > FAQ: <URL:http://www.pgp.net/pgpnet/pgp-faq/>.
> > My public keys are available from key servers.
> >
> >
> >
> 
> --
> m  i  c  h  a  e  l   v  i  n  c  e  n  t   p  o  z  o  n
>           ::  mikevince at netexecutive.com  ::
> ---------------------------------------------------------------
> HPS Software & Communication Corp.     ICQ : 1413343
> Pilipino Internet Cebu              office : (+63)(32) 3447847
> Systems/Network Administrator       home   : (+63)(32) 3446427
> - - - - - - - - - - - - - - - - - - cell   : (+63) 917-3276966
>  - - - - - - - - - - - - - - - - -  http://mikevince.tripod.com
> 
> 
> 
> 

--
m  i  c  h  a  e  l   v  i  n  c  e  n  t   p  o  z  o  n
          ::  mikevince at netexecutive.com  ::
---------------------------------------------------------------
HPS Software & Communication Corp.     ICQ : 1413343
Pilipino Internet Cebu              office : (+63)(32) 3447847
Systems/Network Administrator       home   : (+63)(32) 3446427
- - - - - - - - - - - - - - - - - - cell   : (+63) 917-3276966
 - - - - - - - - - - - - - - - - -  http://mikevince.tripod.com
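
Added example, not part of the original thread or of BIND: a small audit that reads each authoritative server's named.conf and lists the zones it would still transfer to anyone, which is the gap on the secondary discussed above. The sample configs, zone name and addresses are constructed placeholders, and the check assumes the allow-by-default behaviour described in the thread.

```python
import re

# Constructed BIND 8 style named.conf samples; zone name and addresses are placeholders.
PRIMARY_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 192.0.2.2; };   // only the secondary may AXFR
};
"""
# Constructed: the secondary serves the same zone but sets no allow-transfer at all.
SECONDARY_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "bak.example.com";
};
"""
SECONDARY_FIXED = SECONDARY_CONF.replace("masters", "allow-transfer { none; };\n    masters")

ACL = re.compile(r"allow-transfer\s*\{([^}]*)\}")  # flat lists only, no nested { }

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    for m in re.finditer(r'(?m)^\s*%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def open_zones(conf):
    """Zones this server would hand to any client: no ACL in force, or one containing 'any'."""
    conf = strip_comments(conf)
    global_acl = next((ACL.search(body) for _, body in blocks(conf, "options")), None)
    found = []
    for name, body in blocks(conf, "zone"):
        if not re.search(r"type\s+(master|slave)\s*;", body):
            continue  # other zone types are skipped in this sketch
        acl = ACL.search(body) or global_acl  # a zone-level setting overrides options
        if acl is None or "any" in re.findall(r"[^\s;]+", acl.group(1)):
            found.append(name)
    return found
```

Run `open_zones()` over the config of every server listed in the zone's NS records; a `host -l` from an outside host keeps working until all of them come back with an empty list.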



