bind configuration help

Kevin Darcy kcd at chrysler.com
Wed Nov 11 17:52:56 UTC 2009


Holger Honert wrote:
> Security issues!
>
> Usually you only want *trusted* clients to use your server recursively.
>
> And you don't really want to allow *any* fetching your hosted zones 
> for doing something bad, i.e. getting (unwanted!) info
> over your network and infrastructure.
If the info is public, it's public; the only difference is that 
zone transfers are a more efficient way of fetching more than about 2 or 
3 records in a single transaction, compared to querying each one 
individually.

If you want your network and infrastructure info to be private, then 
put it in a private zone that can't be queried from the Internet at all.

                                                                         
    - Kevin

> Regards
>
> Holger
>
>
> Jukka Pakkanen wrote:
>> Sorry, but could you specify more accurately what is "bad"? This is
>> my first bind configuration, so probably I've made some mistakes, but
>> I'd like to do it the right way in the end. :)
>>
>> On Tue, Nov 10, 2009 at 11:19 PM, Laurent CARON <lcaron at lncsa.com> wrote:
>>   
>>>>     allow-recursion { any; };
>>>>       
>>> bad
>>>
>>>     
>>>>     allow-transfer { any; };
>>>>       
>>> bad
>>>
>>>     
>>
>> It's usually a bad idea to allow "any" to use your server recursively, or allow "any" transfer zone data. Like an "open dns-server".
>>
>>
>>
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>   
>
>
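
The settings discussed in this thread, sketched as a named.conf that limits recursion to trusted clients, limits zone transfers to known secondaries, and keeps a private zone out of reach of Internet clients by using views. This is an added example, not configuration posted by anyone in the thread; the addresses (documentation ranges), zone names, ACL names and file paths are assumptions.

```conf
// Constructed example; all addresses, zone names and file names are placeholders.

// Weak form quoted in the thread:
//     allow-recursion { any; };
//     allow-transfer  { any; };

acl trusted     { 127.0.0.1; 192.0.2.0/24; };   // assumed internal clients
acl secondaries { 198.51.100.53; };             // assumed secondary name server

options {
    directory "/var/named";
    allow-transfer { none; };       // default deny; opened per zone below
};

// Internal clients: recursion allowed, private zone visible.
view "internal" {
    match-clients { trusted; };
    recursion yes;
    allow-recursion { trusted; };

    zone "corp.example" {           // private zone, exists only in this view
        type master;
        file "internal/corp.example.db";
    };
    zone "example.com" {
        type master;
        file "internal/example.com.db";
    };
};

// Everyone else: authoritative answers for the public zone only, no recursion.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.db";
        allow-transfer { secondaries; };
    };
};
```

Views are matched in order, so the "internal" view must come before the catch-all "external" view; `named-checkconf` can be used to validate the file before reloading.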



