named.conf 'allow' options breaking dns {Scanned}

Pete Ehlke pde at ehlke.net
Wed Dec 31 16:17:38 UTC 2003


On Wed, Dec 31, 2003 at 11:02:00AM -0500, SW wrote:
> Ok, I thought I followed all the right steps to fix a few vulnerabilities
> (excuse spelling). But now it seems no one is able to get any information
> off our dns server including local users. :-(  Can't someone make bind a
> little simpler. ;-)
> 
> Can someone tell me if there is a problem with the following /etc/named.conf
> file:
> 
> options {
>         directory "/etc/named";
>         allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
>         allow-query { xxx.xxx.xxx.xxx/27; localhost; };
>         version "WPPi Name Server - NA";
>         allow-transfer { 68.166.149.50; };
> };
> logging {
>         category lame-servers { null; };
> };
> zone "." { type hint; file "db.cache"; };
> zone "pureportraits.com" { type master; file "pri.pureportraits.com";
> allow-query { any; };
> zone "ultraphotos.com" { type master; file "pri.ultraphotos.com";
> allow-query { any; };
> 
If that's actually your named.conf, it's invalid, as your zone
definitions are missing the end brace. It's usually a lot clearer to do
zone definitions as C or Perl style indented blocks:

zone "ultraphotos.com" {
        type master; 
        file "pri.ultraphotos.com";
        allow-query { any; };
};
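
An added example, not part of the original post: a small checker that reports which block in a named.conf was left open, which is the failure pointed out above. The function name `find_unclosed_blocks` and the sample text (constructed from the quoted configuration, with the options block trimmed) are assumptions made for illustration.

```python
import re

# named.conf tokens: comments, quoted strings, braces, semicolons, bare words.
TOKEN = re.compile(r'''
    (?P<comment>/\*.*?\*/|//[^\n]*|\#[^\n]*)
  | (?P<string>"[^"\n]*")
  | (?P<brace>[{}])
  | (?P<semi>;)
  | (?P<word>[^\s{};"]+)
''', re.S | re.X)

def find_unclosed_blocks(conf_text):
    """Return [(opening_line, message)] for blocks whose '}' is missing."""
    findings, stack, stmt = [], [], []   # stack holds (line, label) per open '{'
    for m in TOKEN.finditer(conf_text):
        kind, tok = m.lastgroup, m.group()
        line = conf_text.count("\n", 0, m.start()) + 1
        if kind == "comment":
            continue
        if kind in ("word", "string"):
            if tok == "zone" and not stmt:
                # A zone cannot start inside another zone, so an earlier zone
                # was left open: report it and resynchronise on the new one.
                for i, (_, label) in enumerate(stack):
                    if label.startswith("zone "):
                        findings += [(l, f"{lab!r} not closed before line {line}")
                                     for l, lab in stack[i:]]
                        del stack[i:]
                        break
            stmt.append(tok)
            continue
        if tok == "{":
            stack.append((line, " ".join(stmt)))
        elif tok == "}":
            if stack:
                stack.pop()
            else:
                findings.append((line, "unmatched '}'"))
        stmt = []                        # '{', '}' and ';' all end a statement
    findings += [(l, f"{lab!r} not closed before end of file") for l, lab in stack]
    return findings

# Constructed sample based on the configuration quoted in the post.
SAMPLE = '''options {
        directory "/etc/named";
        allow-query { localhost; };
};
zone "." { type hint; file "db.cache"; };
zone "pureportraits.com" { type master; file "pri.pureportraits.com";
allow-query { any; };
zone "ultraphotos.com" { type master; file "pri.ultraphotos.com";
allow-query { any; };
'''

if __name__ == "__main__":
    for line, msg in find_unclosed_blocks(SAMPLE):
        print(f"line {line}: {msg}")
```

BIND 9 ships `named-checkconf`, which performs the authoritative syntax check on the real file before a reload.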



