blocking zone transfer
Jim Reid
jim at rfc1035.com
Tue Sep 26 21:35:54 UTC 2000
>>>>> "Renata" == Renata <rsiecz at cuprum.com.pl> writes:

Renata> Is it possible to block zone transferring in older bind
Renata> version? 'xfrnets' command is rejected in our bind
Renata> version

It must be *very* old. Or you're trying to use obsolete (BIND4)
notation with modern versions of BIND.

Install the current version - 9.0.0 (or 8.2.2P5 if you don't like
really new code) - and take a look at the allow-transfer clause.
BIND4, which understood xfrnets, has been dead for at least 2 years
now.

BTW, restricting zone transfers is an ineffective "security"
measure. Your DNS data is still public. Limitations on who can perform
zone transfers just restrict who's allowed to take a whole copy of
the zone. At best, this is a minor irritant to an attacker. It's an
example of security through obscurity.