From: David Wolfskill
Date: Wed, 18 Jul 2001 07:41:15 -0700 (PDT)
To: freebsd-security@FreeBSD.ORG, modulus@icmp.dhs.org
Subject: Re: named & zone transfers
Message-Id: <200107181441.f6IEfFH65804@bunrab.catwhisker.org>
In-Reply-To: <20010718223718.A14766-100000@icmp.dhs.org>

>Date: Wed, 18 Jul 2001 22:38:57 -0500 (CDT)
>From: modulus

>I was wondering how I would restrict all zone transfers
>with the exception of the secondary DNS daemon.

Although I'd be very hard-pressed to consider this a "security" issue
(or a FreeBSD one), the precise syntax will depend on which nameserver
software you are using.

For example, with BIND 8, the "options" statement may be used to specify
a default policy with respect to zone transfers, and the "stanzas" for
individual zones may contain clauses that override that default.

The O'Reilly _DNS and BIND_ volume covers the material rather thoroughly.

Cheers,
david
-- 
David H. Wolfskill                              david@catwhisker.org
As a computing professional, I believe it would be unethical for me to
advise, recommend, or support the use (save possibly for personal
amusement) of any product that is or depends on any Microsoft product.
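
An illustration of the approach described in the reply above, added here and not part of the original message: a BIND 8 named.conf fragment in which the "options" statement refuses zone transfers by default and one zone's allow-transfer clause overrides that default for the secondary. The ACL name, the address 192.0.2.53, the zone names, the directory and the file names are assumptions chosen for the example.

```conf
// Constructed example for a BIND 8 named.conf. Addresses, zone names,
// the directory and file names are placeholders, not values from the thread.

acl "secondaries" {
    192.0.2.53;            // assumed address of the secondary name server
};

options {
    directory "/etc/namedb";
    // Default policy: refuse zone transfers (AXFR) to every client.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.db";
    // Per-zone override: only hosts in the "secondaries" ACL may
    // transfer this zone.
    allow-transfer { secondaries; };
};

zone "internal.example.com" {
    type master;
    file "internal.example.com.db";
    // No allow-transfer clause here, so the options default (none) applies
    // and nobody can transfer this zone.
};
```

To check the result, request a transfer with `dig @<primary> example.com axfr` from a host that is not in the ACL; it should fail, while the same request from the secondary succeeds.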