named.conf 'allow' options breaking dns {Scanned}

SW wppiphoto at wppi.com
Wed Dec 31 17:14:31 UTC 2003


Pete,

Man, you have saved me! :-)  I think now it works. As you recommended, I was
missing the end brace in the zone definitions. But I'm still not sure if I
can have the global options directive to only allow-query local network and
then allow-query any under each zone definition? Does the options directive
supersede the zone definition? I want to allow outside world to get access
to this dns server domain info so I'm not sure what I need to do or if
everything is now fixed.

Here is my updated /etc/named.conf file:

options {
        directory "/etc/named";
        allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
        allow-query { xxx.xxx.xxx.xxx/27; localhost; };
        version "WPPi Name Server - NA";
        allow-transfer { 68.166.149.50; };
};
logging {
        category lame-servers { null; };
};
zone "." {
    type hint;
    file "db.cache";
};
zone "pureportraits.com" {
    type master;
    file "pri.pureportraits.com";
    allow-query { any; };
};
zone "ultraphotos.com" {
    type master;
    file "pri.ultraphotos.com";
    allow-query { any; };
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pri.0.0.127.in-addr.arpa";
    allow-query { any; };
};
zone "mcbc-dc.org" {
    type master;
    file "pri.mcbc-dc.org";
    allow-query { any; };
};

----------
BTW, thanks to all who have helped. I greatly appreciate all who have
offered their help!!!

SW
----- Original Message ----- 
From: "Pete Ehlke" <pde at ehlke.net>
To: "SW" <wppiphoto at wppi.com>
Cc: "Bind Usergroup" <bind-users at isc.org>
Sent: Wednesday, December 31, 2003 11:17 AM
Subject: Re: named.conf 'allow' options breaking dns {Scanned}


On Wed, Dec 31, 2003 at 11:02:00AM -0500, SW wrote:
> Ok, I thought I followed all the right steps to fix a few vulunerabilities
> (excuse spelling). But now it seems no one is able to get any information
> off our dns server including local users. :-(  Can't someone make bind a
> little simpler. ;-)
>
> Can someone tell me if there is a problem with the following /etc/named.conf
> file:
>
> options {
>         directory "/etc/named";
>         allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
>         allow-query { xxx.xxx.xxx.xxx/27; localhost; };
>         version "WPPi Name Server - NA";
>         allow-transfer { 68.166.149.50; };
> };
> logging {
>         category lame-servers { null; };
> };
> zone "." { type hint; file "db.cache"; };
> zone "pureportraits.com" { type master; file "pri.pureportraits.com";
> allow-query { any; };
> zone "ultraphotos.com" { type master; file "pri.ultraphotos.com";
> allow-query { any; };
>
If that's actually your named.conf, it's invalid, as your zone
definitions are missing the end brace. It's usually a lot clearer to do
zone definitions as C or perl style indented blocks:

zone "ultraphotos.com" {
        type master;
        file "pri.ultraphotos.com";
        allow-query { any; };
};




-------------------------------------------------
        WPPi.com        |        WPPi.Net
-------------------------------------------------
  http://www.wppi.com   |  http://www.wppi.net
-------------------------------------------------
WPPi.com & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.
-------------------------------------------------
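
Both points raised in this thread, the unclosed zone blocks and which allow-query applies to a zone, can be checked mechanically; in BIND a zone-level allow-query overrides the one in options. The following is an added example, not code from the original messages or from BIND. It assumes no view statements and flat ACLs, and its sample configs are constructed (192.0.2.0/27 and internal.example are placeholders).

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def audit(conf):
    """Return (problems, effective allow-query per zone) for a named.conf string."""
    conf = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', conf, flags=re.S)  # drop comments
    toks = TOKEN.findall(conf)
    problems, zone_acl, global_acl = [], {}, None
    depth, block, i = 0, None, 0
    while i < len(toks):
        t = toks[i]
        if t == "zone" and i + 1 < len(toks):
            if depth > 0:  # the previous block never reached its "};"
                problems.append(f"{block}: missing closing brace")
                depth = 0
            block = toks[i + 1]  # quoted zone name
            zone_acl[block] = None
            i += 1
        elif depth == 0 and t not in ("{", "}", ";") and (i == 0 or toks[i - 1] == ";"):
            block = t  # start of a top-level statement, e.g. options or logging
        elif t == "allow-query" and depth == 1:
            end = toks.index("}", i)  # assumption: the ACL is flat, not nested
            acl = [x for x in toks[i + 2:end] if x != ";"]
            if block == "options":
                global_acl = acl
            elif block in zone_acl:
                zone_acl[block] = acl
            i = end
        elif t == "{":
            depth += 1
        elif t == "}":
            depth -= 1
        i += 1
    if depth > 0:
        problems.append(f"{block}: missing closing brace")
    # Zone-level allow-query wins over options; with neither set, BIND allows any.
    effective = {z.strip('"'): acl or global_acl or ["any"] for z, acl in zone_acl.items()}
    return problems, effective

# Constructed inputs modelled on the two configs in the thread; 192.0.2.0/27
# stands in for the masked local network, internal.example is hypothetical.
OPTIONS = 'options { allow-query { 192.0.2.0/27; localhost; }; };\n'
BROKEN = OPTIONS + ('zone "pureportraits.com" { type master; allow-query { any; };\n'
                    'zone "ultraphotos.com" { type master; allow-query { any; };\n')
FIXED = OPTIONS + ('zone "ultraphotos.com" { type master; allow-query { any; }; };\n'
                   'zone "internal.example" { type master; };\n')
```

`audit(BROKEN)` reports both zones as unclosed, while `audit(FIXED)` shows the public zone answering any client and the zone without its own allow-query inheriting the restricted ACL from options. For the syntax check on a real server, BIND ships `named-checkconf`.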



