On Fri, Nov 17, 2000 at 10:18:19AM +0200, [EMAIL PROTECTED] wrote:
> >Boyan Krosnov <[EMAIL PROTECTED]> wrote:
> >a bit too late, but you may still not have heard...
> >
> >this is a big problem, and if you are the administrator of a name server, take measures.
> >
> >--
> >Boyan Krosnov (http://www.nat.bg/~bkrosnov)
> >Network Administrator
> >Lirex BG Ltd.
>
>
> Bravo to Boyan <bkrosnov at lirex dot com>
> for reading bugtraq, commendable.
> True, it is late - the advisory came out a week ago.
> But it is not a "big problem", since the *only* nameservers affected
> are those that do zone transfers, i.e. the traffic that takes place
> in the LAN or WAN, for example. This zone transfer can be restricted
> or stopped completely from named.conf through acl lists. So I do not see
> room for panic and paranoia.
As it turns out, however, 3/4 of my clients use the file that comes in the
bind distribution, which looks like this:
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "root.cache";
};
zone "localhost" {
    type master;
    file "pri/localhost";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pri/127.0.0";
};
zone "rc.vix.com" {
    type stub;
    file "stub/rc.vix.com";
    masters { 204.152.187.21; };
};
zone "186.152.204.in-addr.arpa" {
    type stub;
    file "stub/204.152.186";
    masters { 204.152.187.21; };
};
zone "187.152.204.in-addr.arpa" {
    type stub;
    file "stub/204.152.187";
    masters { 204.152.187.21; };
};
They have only changed the names of the zones. I.e. only about 1/4 had thought to
put in:
    query-source address * port 53;
    allow-transfer {
        193.bbb.ccc.ddd;
    };
And that only because during the previous commotion around the NPTR bug, I had
audited them... So it is a problem.
--
=- --rw------- =--=--=--=--=--=--=--=--=--=--=--=--=--=
Theodor Milkov Administrator IP Networks
Davidov Electric Ltd. Phone: +359 (2) 730158
PGP: http://www.zimage.delbg.com/zimage.asc
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
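
The check discussed in this thread, as an added example that is not part of the original messages: a small audit that reports which master/slave zones in a named.conf have no allow-transfer restriction, either of their own or in the options block. The sample configuration, zone names and addresses are constructed, and treating a missing allow-transfer as "open to any host" is an assumption about the BIND versions in use.

```python
import re

# Constructed sample in the shape of the stock file quoted above (zone names are made up).
SAMPLE = """
options { directory "/var/named"; };
zone "." { type hint; file "root.cache"; };
zone "example.test" { type master; file "pri/example.test"; };
zone "audited.test" {
    type master;
    file "pri/audited.test";
    allow-transfer { 192.0.2.53; };   // per-zone restriction
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def blocks(text):
    """Yield (header, body) for every top-level '<header> { body };' statement."""
    depth, header_start, header, body_start = 0, 0, "", 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            header_start = i + 1

def restricts(body):
    """True if the block has an allow-transfer list that is not simply 'any'."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return m is not None and not re.search(r"\bany\b", m.group(1))

def audit(conf):
    """Return (options_restricted, zones assumed open to transfer from any host)."""
    options_restricted, open_zones = False, []
    for header, body in blocks(strip_comments(conf)):
        if header == "options":
            options_restricted = restricts(body)
        elif header.startswith("zone"):
            ztype = re.search(r"\btype\s+(\w+)", body)
            if ztype and ztype.group(1) in ("master", "slave") and not restricts(body):
                open_zones.append(header.split('"')[1])  # assumes quoted zone names
    return options_restricted, ([] if options_restricted else open_zones)

if __name__ == "__main__":
    print(audit(SAMPLE))
```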