DNS, specifically Bind, has options in the named.conf to limit zone
transfers and recursive lookups.  You can use the 'allow-transfer { IP;
IP };' directive to restrict zone transfers.

Arne

On Thu, 2002-06-06 at 10:00, Antony Stone wrote:
> On Thursday 06 June 2002 2:48 pm, Raymond Leach wrote:
> 
> > On Thursday 06 June 2002 15:45, Maciej Soltysiak wrote:
> 
> > > Using netfilter you cannot judge whether a TCP:53 packet is a zone
> > > transfer or just a query.
> >
> > If you only expect to receive queries from internal interfaces then there
> > should be no 'queries' from external sources.
> 
> Your statement is correct; however, it does not help when you are running a
> domain name server which does need to be accessible from the outside, but you
> only want people to do standard lookups, and not zone transfers.
> 
> I agree with Maciej - you should set appropriate access controls on the name
> server itself, because netfilter cannot do it for you.
> 
> 
> Antony.
-- 
Arne Sagnes - Email: [EMAIL PROTECTED]
Work: +1 216 787 8613 - Cell: +1 216 577 2319
Be careful of reading health books, you might die of a misprint.
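An added example of the named.conf access controls Arne describes (it is not from any message in this thread). The ACL names, network ranges and zone name are constructed, and the weak settings are shown only in comments beside the restricted ones:

```conf
// Constructed example named.conf fragment (BIND 9 syntax), not from the thread.
// Addresses and names below are made up for illustration.

acl "internal"    { 192.0.2.0/24; 127.0.0.1; };  // constructed: our LAN + loopback
acl "secondaries" { 198.51.100.53; };            // constructed: our secondary server

options {
    directory "/var/named";

    // Weak settings this block replaces (shown for contrast, do not use):
    //   allow-transfer { any; };   // anyone on the Internet may AXFR every zone
    //   recursion yes;             // with no allow-recursion: an open resolver

    // Only the listed secondaries may pull zone transfers (AXFR/IXFR).
    // This is the check netfilter cannot make: both a transfer and an
    // ordinary query can arrive on TCP/53, so the server must decide.
    allow-transfer { secondaries; };

    // Answer ordinary lookups from anywhere (authoritative service), but
    // resolve names we are not authoritative for only for internal hosts.
    allow-query     { any; };
    allow-recursion { internal; };
};

// A per-zone allow-transfer overrides the global one. Keep it as tight;
// a zone that has no secondaries can use "allow-transfer { none; };".
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { secondaries; };
};
```

Check the result with `named-checkconf`, then request `dig @<your-server> example.com AXFR` from a host outside the "secondaries" ACL: it should be refused rather than return the zone.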

