named.conf 'allow' options breaking dns {Scanned}
SW
wppiphoto at wppi.com
Wed Dec 31 17:14:31 UTC 2003
Pete,
Man, you have saved me! :-) I think now it works. As you recommended, I was
missing the end brace in the zone definitions. But I'm still not sure if I
can have the global options directive to only allow-query local network and
then allow-query any under each zone definition? Does the options directive
supersede the zone definition? I want to allow outside world to get access
to this dns server domain info so I'm not sure what I need to do or if
everything is now fixed.
Here is my updated /etc/named.conf file:
options {
    directory "/etc/named";
    allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
    allow-query { xxx.xxx.xxx.xxx/27; localhost; };
    version "WPPi Name Server - NA";
    allow-transfer { 68.166.149.50; };
};
logging {
    category lame-servers { null; };
};
zone "." {
    type hint;
    file "db.cache";
};
zone "pureportraits.com" {
    type master;
    file "pri.pureportraits.com";
    allow-query { any; };
};
zone "ultraphotos.com" {
    type master;
    file "pri.ultraphotos.com";
    allow-query { any; };
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pri.0.0.127.in-addr.arpa";
    allow-query { any; };
};
zone "mcbc-dc.org" {
    type master;
    file "pri.mcbc-dc.org";
    allow-query { any; };
};
----------
BTW, thanks to all who have helped. I greatly appreciate all who have
offered their help!!!
SW
----- Original Message -----
From: "Pete Ehlke" <pde at ehlke.net>
To: "SW" <wppiphoto at wppi.com>
Cc: "Bind Usergroup" <bind-users at isc.org>
Sent: Wednesday, December 31, 2003 11:17 AM
Subject: Re: named.conf 'allow' options breaking dns {Scanned}
On Wed, Dec 31, 2003 at 11:02:00AM -0500, SW wrote:
> Ok, I thought I followed all the right steps to fix a few vulunerabilities
> (excuse spelling). But now it seems no one is able to get any information
> off our dns server including local users. :-( Can't someone make bind a
> little simpler. ;-)
>
> Can someone tell me if there is a problem with the following /etc/named.conf
> file:
>
> options {
> directory "/etc/named";
> allow-recursion { xxx.xxx.xxx.xxx/27; localhost; };
> allow-query { xxx.xxx.xxx.xxx/27; localhost; };
> version "WPPi Name Server - NA";
> allow-transfer { 68.166.149.50; };
> };
> logging {
> category lame-servers { null; };
> };
> zone "." { type hint; file "db.cache"; };
> zone "pureportraits.com" { type master; file "pri.pureportraits.com";
> allow-query { any; };
> zone "ultraphotos.com" { type master; file "pri.ultraphotos.com";
> allow-query { any; };
>
If that's actually your named.conf, it's invalid, as your zone
definitions are missing the end brace. It's usually a lot clearer to do
zone definitions as C or perl style indented blocks:
zone "ultraphotos.com" {
    type master;
    file "pri.ultraphotos.com";
    allow-query { any; };
};
-------------------------------------------------
WPPi.com | WPPi.Net
-------------------------------------------------
http://www.wppi.com | http://www.wppi.net
-------------------------------------------------
WPPi.com & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.
-------------------------------------------------
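Added example, not part of the thread or of BIND: a small Python check for the two points raised above, the missing closing brace and which allow-query ACL ends up applying to each zone. In BIND an allow-query inside a zone statement overrides the one in options for that zone, while allow-recursion in options still limits recursion to the listed clients. The sample config is constructed, 192.0.2.0/27 is a placeholder for the redacted local network, and the parser is a simplification (one level of nested braces, no comments).

```python
import re

# Constructed sample modelled on the configs in the thread; 192.0.2.0/27 is a
# documentation-range placeholder for the redacted local network.
FIXED = '''
options {
    allow-recursion { 192.0.2.0/27; localhost; };
    allow-query { 192.0.2.0/27; localhost; };
};
zone "." { type hint; file "db.cache"; };
zone "pureportraits.com" {
    type master;
    file "pri.pureportraits.com";
    allow-query { any; };
};
'''
# The original mistake: the last zone's closing "};" is missing.
BROKEN = FIXED.rstrip()[:-2]

def brace_depth(conf):
    """Return 0 when braces balance, >0 for unclosed '{', -1 for a stray '}'."""
    depth = 0
    for ch in re.sub(r'"[^"]*"', '""', conf):  # ignore braces inside quoted strings
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            return -1
    return depth

def acl(body):
    """Return the allow-query address list in a statement body, or None if absent."""
    m = re.search(r'allow-query\s*\{([^}]*)\}', body)
    return [a.strip() for a in m.group(1).split(";") if a.strip()] if m else None

def effective_allow_query(conf):
    """Map each non-hint zone to the allow-query ACL that applies to it."""
    if brace_depth(conf) != 0:
        raise ValueError("unbalanced braces: named would reject this file")
    # Top-level statements: keyword, optional quoted name, body with nested { } lists.
    stmts = re.findall(r'(\w+)\s*(?:"([^"]*)")?\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', conf)
    default = next((acl(b) for k, _, b in stmts if k == "options"), None) or ["any"]
    out = {}
    for kind, name, body in stmts:
        if kind == "zone" and "type hint" not in body:
            zone_acl = acl(body)  # a zone-level ACL wins over the options-level one
            out[name] = default if zone_acl is None else zone_acl
    return out
```

A zone that omits allow-query inherits the options-level list, which is how an authoritative zone ends up unreachable from outside when only the global restriction is set.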