Question on Bind 8.2.2P5

Bhangui_S Bhangui_S at bls.gov
Wed Feb 9 20:19:34 UTC 2000


Thanks Barry for the response. But that leads to the following question.

Is it possible to configure "no zone transfers" from specific hosts in BIND
8.2.2P5, since by default named allows everyone to do a zone transfer? If so,
what option should I use in the named.conf file to accomplish that, or could you
point me to a URL which has the information on how to deny zone transfers,
if it is possible at all in 8.2.2p5?

Thanks
Sandeep

-----Original Message-----
From: Barry Margolin [mailto:barmar at bbnplanet.com]
Sent: Tuesday, February 08, 2000 3:40 PM
To: comp-protocols-dns-bind at moderators.uu.net
Subject: Re: Question on Bind 8.2.2P5


In article <200E2FA22B2AD2119AC000104B6A0A8601A24026 at PSBMAIL1>,
Bhangui_S  <Bhangui_S at bls.gov> wrote:
>Hello
>	Just now upgraded BIND from 4.9.4 P1 to 8.2.2P5 on Solaris 2.6. Most
>of the things went fine without any hassles and the named came up fine after
>reboot. My machines resolve names looking at the DNS on which I upgraded the
>BIND. But on the Solaris 2.6 machine which has Bind 8.2.2P5 running I see
>the following messages in "/var/adm/messages"; these messages are repeated at
>regular intervals. I am just going to put a few messages. The questions I have:
>
>
>1. What do the messages mean? Is there a problem in the way BIND is working
>on my machine. Overall it looks to be working fine.

They indicate that 128.231.200.34, 166.96.240.2, and 129.231.201.32 are
trying to transfer zones from your machine, but those addresses aren't in
the allow-transfer option in your named.conf.

>2. How do I get rid of these messages? What files will I have to edit, if at
>all I can get rid of these messages?

Are these other machines supposed to be slave servers for your domains?  If
so, edit named.conf and fix the allow-transfer option to include them.

By default, named allows anyone to transfer.  So the only way these could
have been excluded in the first place is if you put in an allow-transfer
option yourself.  If you used named-bootconf to convert your named.boot
file to named.conf, the allow-transfer option would have come from the
xfrnets option in the old named.boot file.

>Feb  8 14:54:59 dcgate named[137]: unapproved AXFR from [128.231.200.34].37791 for "142.146.in-addr.arpa" (acl)
>Feb  8 14:56:09 dcgate named[137]: unapproved AXFR from [166.96.240.2].56647 for "bls.gov" (acl)
>Feb  8 14:56:34 dcgate named[137]: unapproved AXFR from [128.231.201.32].45099 for "142.146.in-addr.arpa" (acl)



-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.
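
The allow-transfer option discussed in this thread, shown as an added example that is not part of either poster's message: a named.conf fragment that refuses transfers by default, allows a named list of slaves per zone, and denies one specific host. The addresses, the ACL name `xfer_slaves`, the directory and the zone file names are assumptions; only the zone names come from the log lines above.

```conf
// Hypothetical named.conf fragment; addresses, ACL name and file
// names are placeholders, not values taken from the thread.

// Named address match list of the slave servers allowed to pull zones.
acl xfer_slaves {
    192.0.2.0/28;       // placeholder: subnet holding the secondaries
    198.51.100.53;      // placeholder: an off-site secondary
};

options {
    directory "/var/named";          // assumed path
    // Server-wide default: refuse AXFR to everyone. A zone that
    // needs transfers overrides this in its own zone statement.
    allow-transfer { none; };
};

// Only the listed slaves may transfer this zone. Any other requester
// is refused and logged as "unapproved AXFR ... (acl)".
zone "bls.gov" {
    type master;
    file "db.bls.gov";               // assumed file name
    allow-transfer { xfer_slaves; };
};

// Deny one specific host that would otherwise match the ACL.
// The list is evaluated in order and the first match wins, so the
// negated entry has to come before the ACL that contains it.
zone "142.146.in-addr.arpa" {
    type master;
    file "db.146.142";               // assumed file name
    allow-transfer { !192.0.2.5; xfer_slaves; };
};
```

A zone-level allow-transfer replaces the one in options for that zone, so a zone without its own statement inherits the deny-all default.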