> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> jmc
> Sent: Monday, August 11, 2008 10:16 AM
> To: [email protected]
> Subject: Re: ls -d
>
> --- Ejaz [Mon, Aug 11, 2008 at 04:43:25PM +0300]: ---
> > Dear all,
> > I have two DNS servers with the same version of BIND and with similar configuration.
> >
> > Whenever I go with my ns2 (ns2.cyberia.net.sa) server into nslookup mode, anyone can run the command ls -d "domain name" as an argument and get a full dump of information about that domain.
> >
> > Please can anyone guide me on how to set up my BIND to not show my domain if someone does this (ls -d "domainname") to me?
>
> As far as I know, ls -d just does an AXFR, so just disable AXFRs for the
> IP making the request. I could be missing something, however.

Yes, you need to shut off zone transfers to unauthorized IPs and/or ranges, as well as disable recursion to internet clients, e.g.:

[EMAIL PROTECTED] ~]# dig @ns2.cyberia.net.sa PHP.NET

; <<>> DiG 9.3.4-P1 <<>> @ns2.cyberia.net.sa PHP.NET
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37704
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;PHP.NET. IN A

;; ANSWER SECTION:
PHP.NET. 86395 IN A 69.147.83.197

;; AUTHORITY SECTION:
PHP.NET. 66384 IN NS remote1.easydns.com.
PHP.NET. 66384 IN NS remote2.easydns.com.
PHP.NET. 66384 IN NS ns1.easydns.com.
PHP.NET. 66384 IN NS ns2.easydns.com.

;; Query time: 192 msec
;; SERVER: 212.119.64.3#53(212.119.64.3)
;; WHEN: Mon Aug 11 10:26:16 2008
;; MSG SIZE rcvd: 132
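
Added example, not part of the original thread: a small Python check an administrator can run over saved dig output to confirm whether a name server still offers recursion to an outside client, which is what the "rd ra" flags without "aa" in the reply above indicate. The function names and the three sample outputs are constructed for illustration; the result is only meaningful when the query was sent from a host outside the permitted ranges for a name the server is not authoritative for.

```python
import re

# Constructed dig header excerpts (not captured from any real server).
OPEN_RESOLVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
"""
LOCKED_DOWN = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
"""
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)")


def parse_dig_header(text):
    """Extract status, flag set and answer count from dig's header lines."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found in input")
    return {
        "status": status.group(1),
        "flags": set(flags.group(1).split()),
        "answers": int(flags.group(2)),
    }


def classify(text):
    """Classify one response as seen from the querying client."""
    h = parse_dig_header(text)
    if "ra" in h["flags"]:
        # 'ra' = recursion available to this client. Without 'aa' and with
        # an answer, the server resolved a name it does not host.
        if "aa" not in h["flags"] and h["status"] == "NOERROR" and h["answers"] > 0:
            return "open-recursion"
        return "recursion-offered"
    if "aa" in h["flags"]:
        return "authoritative-only"
    return "recursion-refused"
```
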
