Re: [ITCENTER] log DNS server

Tue, 07 Mar 2006 08:38:19 -0800 

Just Nobody wrote:

>Dear,
>
>Bagaimana caranya agar log dibawah ini tidak muncul?
>Log ini saya dapatkan di DNS server saya. (Bind, Fedora Core4 
>2.6.14-1.1637_FC4)
>
>FYI:
>192.168.10.2 : IP windows 2000 advanced server (Domain controller Local)
>
>[EMAIL PROTECTED] ~]# tail -f /var/log/messages
>Mar  6 11:34:53 freak named[8247]: client 192.168.10.2#1566: update 
>'10.168.192.in-addr.arpa/IN' denied
>Mar  6 12:34:53 freak named[8247]: client 192.168.10.2#1661: update 
>'10.168.192.in-addr.arpa/IN' denied
>Mar  6 12:39:53 freak named[8247]: client 192.168.10.2#1677: update 
>'10.168.192.in-addr.arpa/IN' denied
>
>===============
>options {
>    directory "/var/named";
>    pid-file "/var/named/named.pid";
>    query-source address * port 53;
>*   allow-transfer {192.168.10.2;};   *
>    forward first;
>       forwarders {
>           202.xxx.xxx.xxx;
>           202.xxx.xxx.xxx;
>         };
>==============
>Apakah dengan memasukkan ip 192.168.10.2 kedalam Allow-transfer adalah 
>tindakan yang aman?
>apa ada cara dengan mematikan servis "x" di windows 2000 adavanced 
>server nya?
>Klo iya, Service apa yang harus dimatikan?
>
>Thanks,
>
>
>Regards,
>
>  
>

Allow-transfer itu adalah salah satu fungsi untuk zone transfer (CMIIW). 
Apa di windows nya ada secondary ns? Kalo nggak ya nggak ada pengaruhnya 
pake allow-transfer.

http://www.zytrax.com/books/dns/ch7/xfer.html

 allow-transfer { address_match_list 
<http://www.zytrax.com/books/dns/ch7/address_match_list.html> };
 allow-transfer {192.168.0.3;};

*allow-transfer* defines a match list 
<http://www.zytrax.com/books/dns/ch7/address_match_list.html> e.g. IP 
address(es) that are allowed to transfer (copy) the zone information 
from the server (master or slave for the zone). The default behaviour is 
to allow zone transfers to any host. While on its face this seems a 
strange default - DNS data is essentially public - the bad guys can get 
all of it anyway - thats why its there. However if the thought of anyone 
being able to transfer your precious zone file is repugnant then use the 
following policy.


-- 
- Cygnus -





-- 
www.itcenter.or.id - Komunitas Teknologi Informasi Indonesia 
Info, Gabung, Keluar, Mode Kirim : [EMAIL PROTECTED] 
:: Hapus bagian yang tidak perlu (footer, dst) saat reply! :: 
## Jobs: itcenter.or.id/jobs ## Bursa: itcenter.or.id/bursa ##
$$ Iklan/promosi : www.itcenter.or.id/sponsorship $$

[@@] Jaket ITCENTER tersedia di http://shop.itcenter.or.id 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/ITCENTER/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Kirim email ke