bind configuration help
Holger Honert
holger.honert at signal-iduna.org
Wed Nov 11 12:16:37 UTC 2009
Security issues!
Usually you only want *trusted* clients to use your server recursively.
And you don't really want to allow *any* fetching your hosted zones for
doing something bad, i.e. getting (unwanted!) infos
over your network and infrastructure.
Regards
Holger
Jukka Pakkanen schrieb:
> Sorry, but could You specify more accurately what is "bad" ? This is
> my first bind configuration, so probably I've made some mistakes, but
> I'd like to do it the right way in the end.:)
>
> On Tue, Nov 10, 2009 at 11:19 PM, Laurent CARON <lcaron at lncsa.com> wrote:
>
>>> allow-recursion { any; };
>>>
>> bad
>>
>>
>>> allow-transfer { any; };
>>>
>> bad
>>
>>
>
> It's usually a bad idea to allow "any" to use your server recursively, or allow "any" transfer zone data. Like an "open dns-server".
>
>
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
SIGNAL Krankenversicherung a. G., Sitz: Dortmund, HR B 2405, AG Dortmund
IDUNA Vereinigte Lebensversicherung aG für Handwerk, Handel und Gewerbe,
Sitz: Hamburg, HR B 2740, AG Hamburg
Deutscher Ring Krankenversicherungsverein a.G., Sitz: Hamburg,
HR B 4673, AG Hamburg,
SIGNAL IDUNA Allgemeine Versicherung AG, Sitz: Dortmund, HR B 19108,
AG Dortmund
Vorstände: Reinhold Schulte (Vorsitzender),
Wolfgang Fauter (stellv. Vorsitzender), Dr. Karl-Josef Bierth,
Jens O. Geldmacher, Marlies Hirschberg-Tafel,
Michael Johnigk, Ulrich Leitermann, Michael Petmecky,
Dr. Klaus Sticker, Prof. Dr. Markus Warg
Vorsitzender der Aufsichtsräte: Günter Kutz
SIGNAL IDUNA Gruppe Hauptverwaltungen, Internet: www.signal-iduna.de
44121 Dortmund, Hausanschrift: Joseph-Scherer-Str. 3, 44139 Dortmund
20351 Hamburg, Hausanschrift: Neue Rabenstraße 15-19, 20354 Hamburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20091111/48634bca/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: holger_honert.vcf
Type: text/x-vcard
Size: 315 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20091111/48634bca/attachment.vcf>
More information about the bind-users
mailing list