Hi,

> This is something I have touched on before, but don't seem to have it quite
> sorted.

You're not alone; many big ISPs don't even have their DNS straightened out.

> The message below came from Log Check. I was told that if I entered
> in my dns information into the "Server Settings" of the DNS records for the
> domain of my Raq4 through the GUI, that AXFR transfers from other sources
> would not be approved.

I stumbled over that last sentence many times (must be my bad), but I think I get your point. You should enter all IPs in the DNS settings page that are allowed to transfer domains from your box; most notably any secondary DNS machine.

# if I recall correctly

There has been discussion here with regards to an extra empty line (<CR> / <LF>; whatever) in that textbox. If it's there, remove it and restart the DNS server just in case.

Then there's discussion in general: is there any point in blocking zone transfers, since "DNS data" is something public? I think there is a point, but I'm not willing to discuss it here as it's *way* OT. ;-)

> In a later message from Log Check I received the following message:
>
> Mar 10 18:33:46 ns proftpd[31376]: 212.67.197.38
> (168.160.112.65[168.160.112.65]) - FTP session opened.

Did you see a "FTP session closed" a couple seconds later? Prolly someone checking for anonymous ftp sites, but you're never sure. Does logcheck report all ftp sessions?

> Note the same IP address, 168.160.112.65. Should I be concerned?

Always! :-)

Good luck...

Nico
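Added example, not part of the original post: a small Python check for the question raised above, pairing each proftpd "FTP session opened" line with its "FTP session closed" line by PID and labelling sessions that close within a few seconds with nothing logged in between. Assumptions: the log format matches the line quoted in the thread, the "probe" threshold of 5 seconds is a heuristic chosen here, syslog lines carry no year so an arbitrary one is supplied, and every sample line except the first is constructed.

```python
import re
from datetime import datetime, timedelta

# Sample input. Only the first line is quoted from the thread; the other
# lines (including the 192.0.2.x / 198.51.100.x clients) are constructed.
SAMPLE_LOG = """\
Mar 10 18:33:46 ns proftpd[31376]: 212.67.197.38 (168.160.112.65[168.160.112.65]) - FTP session opened.
Mar 10 18:33:48 ns proftpd[31376]: 212.67.197.38 (168.160.112.65[168.160.112.65]) - FTP session closed.
Mar 10 19:02:10 ns proftpd[31502]: 212.67.197.38 (192.0.2.10[192.0.2.10]) - FTP session opened.
Mar 10 19:02:15 ns proftpd[31502]: 212.67.197.38 (192.0.2.10[192.0.2.10]) - USER alice: Login successful.
Mar 10 19:09:40 ns proftpd[31502]: 212.67.197.38 (192.0.2.10[192.0.2.10]) - FTP session closed.
Mar 10 23:59:58 ns proftpd[31777]: 212.67.197.38 (198.51.100.7[198.51.100.7]) - FTP session opened.
"""

# timestamp, proftpd PID, client IP (from the bracketed part), message text
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(\d+)\]: \S+ "
    r"\(\S+\[([\d.]+)\]\) - (.*)$")

def classify_sessions(log_text, year=2000, probe_max=timedelta(seconds=5)):
    """Return (client_ip, seconds_or_None, label) for each FTP session.

    label is "probe" for a session that closed within probe_max with no
    other log line for that PID, "session" for anything longer or busier,
    and "no-close" when the log has no matching close line.
    """
    open_sessions = {}  # pid -> [client_ip, start_time, other_lines_seen]
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a proftpd line in the expected format
        stamp, pid, ip, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg == "FTP session opened.":
            open_sessions[pid] = [ip, when, 0]
        elif pid in open_sessions and msg == "FTP session closed.":
            client, start, extra = open_sessions.pop(pid)
            quick = extra == 0 and when - start <= probe_max
            secs = int((when - start).total_seconds())
            results.append((client, secs, "probe" if quick else "session"))
        elif pid in open_sessions:
            open_sessions[pid][2] += 1  # login, transfer, or other activity
    # Sessions never closed in this log: still open, or the log was cut off.
    results.extend((c, None, "no-close") for c, _, _ in open_sessions.values())
    return results

if __name__ == "__main__":
    for row in classify_sessions(SAMPLE_LOG):
        print(row)
```

A "probe" label only means the connection opened and closed without any logged activity; comparing those client IPs against the addresses that attempted zone transfers is the correlation the original poster was doing by eye.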
