securing up my config

Jim Reid jim at rfc1035.com
Fri Jan 28 18:44:15 UTC 2000


>>>>> "Marc" == Marc Peiser <marc.peiser at shopsmart.com> writes:

    Marc> Hi there, I'm running bind 8.2.2P5 and want to secure up my
    Marc> server. Is it possible to stop anyone doing a "dig axfr
    Marc> mydomain.com", i.e. I only want to give them one A or MX
    Marc> record at a time.

Yes it is possible, but there's probably not a lot of point in doing
this. It doesn't make your zone data any more "secure" and it might be
a nuisance when troubleshooting problems because transfer requests
from certain addresses get rejected.

    Marc> Who should dns zone transfers be limited to?

Whatever IP addresses you feel should be allowed to perform zone
transfers. You'll know who they are better than anyone else on this
list.

    Marc> My secondaries?

Well if you don't let them do zone transfers, they'll stop being slave
(secondary) servers. And how can you stop them from letting anyone do
zone transfers for your zones?

    Marc> How do I limit this?

The allow-transfer clause does this. You can set this either globally
or on a per-zone basis.
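
An added example, not part of the reply above or of the BIND distribution: a named.conf fragment with allow-transfer set globally and overridden for one zone, plus the matching setting on a slave. The ACL name, addresses, zone names and file names are constructed placeholders.

```conf
// Constructed example: ACL name, addresses, zone names and file
// names are placeholders, not values from the original post.

// ---- master's named.conf ----

// Named list of the slave servers that may request zone transfers.
acl xfer-slaves {
    192.0.2.53;
    198.51.100.53;
};

options {
    directory "/var/named";
    // Global setting: applies to every zone that does not carry
    // its own allow-transfer clause.
    allow-transfer { xfer-slaves; };
};

// No allow-transfer here, so the global setting applies.
zone "example.com" {
    type master;
    file "db.example.com";
};

// Per-zone setting: replaces the global one for this zone only.
zone "example.net" {
    type master;
    file "db.example.net";
    allow-transfer { 192.0.2.53; };
};

// ---- slave's named.conf (a separate file on 192.0.2.53) ----

// A slave answers transfer requests too, so the restriction on the
// master only holds if each slave is restricted as well.
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "bak.example.com";
    allow-transfer { none; };
};
```

After reloading, a "dig axfr" for these zones from an address outside the list should be refused, while ordinary A and MX queries are still answered.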


