disabling "Any" requests
JLightner at water.com
Thu Jul 12 14:16:05 UTC 2012
Your answer was clearly meant to be tongue in cheek but I'm not sure you understood.
The OP wasn't asking how to stop all (any) lookups - it was how to stop "dig -t any" which isn't the same thing at all. Presumably they still want to allow dig -t mx, dig www... etc...
Personally I don't know why "dig -t any" would be a problem. It's not exactly the same as doing an axfr transfer of the zone - it still only gets limited information.
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of Chuck Swiger
Sent: Thursday, July 12, 2012 9:39 AM
To: Dns Administrator
Cc: bind-users at lists.isc.org
Subject: Re: disabling "Any" requests
On Jul 12, 2012, at 2:27 AM, Dns Administrator wrote:
> Hi bind-users,
> please excuse my ignorance being a novice to dns, but is there some way of disabling or choking "Any" type requests?
Sure-- a firewall or even taking a pair of wire-cutters to the ethernet cable will accomplish that. :-)
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
Athena(r), Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
More information about the bind-users