bind configuration

Nenita Manaois cyberlab at magix.com.sg
Mon Feb 28 08:00:09 UTC 2000


hi,

i have read vulnerability issues re: "allow-query" entries in the bind
config.  however, when i tried to use it, (i.e., allow-query only to the
authoritative servers for my domain) and turned recursion off, my users
started complaining that their local web sites couldn't be resolved and
emails sent to them are not delivered in their mailbox.  i had no choice
but to allow-query to everyone and turn recursion on.  does this mean my
server is now vulnerable? :(

btw, i should be a primary server for my domain.

here's my config file.  your comments and suggestions will be highly
appreciated.

======================================================================

options {
	directory "/var/named";			
	transfer-format one-answer;
	allow-query {any;};
	recursion yes;
	cleaning-interval 60;		
	interface-interval 60;		
	statistics-interval 60;		
	query-source port 53;
};

logging {
	channel queries-logfile {
		file "/var/log/namedlog";
		print-time yes;
	};
	category queries {queries-logfile;};
};	

zone "0.0.127.in-addr.arpa" {
	type master;
	file "db.127.0.0";
	allow-transfer {<ip address of authoritative servers for my domain>};
	notify yes;
};

zone "mydomain.com" {
	type master;
	file "db.mydomain.com";
	allow-transfer {<ip address of authoritative servers for my domain>};
	notify yes;
};

zone "0.168.192.in-addr.arpa"{
	type slave;
	file "db.192.168.0.0";
	masters {192.168.0.1;};
	allow-transfer {<ip address of authoritative servers for my domain>};
	notify yes;
};

zone "." {
	type hint;		
	file "cache.db";
};
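
An added example, not part of the original post and not BIND's own code: a small Python check that reads the access-control lines of an options block and reports whether outside hosts can query the zones and whether the server recurses for anyone. The TRIED and SPLIT configurations, the 192.0.2.53 address and the "internal" ACL are constructed for illustration; absent options are treated as "any" (the BIND 8 default), and zone-level overrides and negated entries are not modelled.

```python
import re

# Access-control lines of the options block as posted.
POSTED = 'options { allow-query {any;}; recursion yes; };'
# The earlier attempt described in the post; 192.0.2.53 is a constructed
# stand-in for the authoritative servers' addresses.
TRIED = 'options { allow-query { 192.0.2.53; }; recursion no; };'
# Constructed alternative: anyone may query the zones, only local clients may
# recurse. The "internal" ACL and its 192.168.0.0/24 range are assumptions.
SPLIT = '''
acl "internal" { 127.0.0.1; 192.168.0.0/24; };
options {
    allow-query { any; };
    recursion yes;
    allow-recursion { "internal"; };
};
'''

def options_body(conf):
    """Text inside options { ... }, found by brace matching."""
    m = re.search(r'\boptions\s*\{', conf)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {'{': 1, '}': -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def match_list(body, name):
    """Elements of an address match list; ['any'] when the option is absent."""
    m = re.search(re.escape(name) + r'\s*\{([^}]*)\}', body)
    if not m:
        return ['any']
    return [e.strip().strip('"') for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    body = options_body(conf)
    rec = re.search(r'\brecursion\s+(yes|no)\s*;', body)
    recursion = rec is None or rec.group(1) == 'yes'  # recursion defaults to yes
    anyone_queries = 'any' in match_list(body, 'allow-query')
    anyone_recurses = recursion and 'any' in match_list(body, 'allow-recursion')
    return {'zones_public': anyone_queries,  # outside resolvers get zone data
            'open_resolver': anyone_queries and anyone_recurses}

if __name__ == '__main__':
    for label, conf in (('posted', POSTED), ('tried', TRIED), ('split', SPLIT)):
        print(label, audit(conf))
```

With these inputs the posted options come out as public zones plus an open resolver, the earlier attempt refuses zone queries from every host not in the list, and the split form keeps the zones public while limiting recursion to the listed clients.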





