RE: blocking AXFR record query

2004-01-29 Thread HdV
On Wed, 28 Jan 2004, James Miller wrote: If memory serves.. AXFR is a zone transfer... So, at your firewall, would want to only allow TCP queries from your backup (secondary, trinary..etc.) dns servers (on the outside of your firewall) and limit everyone else to UDP queries. I am no BIND

Re: blocking AXFR record query

2004-01-28 Thread Rick Moen
Quoting LeVA ([EMAIL PROTECTED]): Could anyone tell me how I could deny the AXFR record query on my bind server? I'm looking for some global variable, not specifying per-address. I think the split-DNS example at the end of section 4.3, here, will help:

RE: blocking AXFR record query

2004-01-28 Thread James Miller
If memory serves.. AXFR is a zone transfer... So, at your firewall, would want to only allow TCP queries from your backup (secondary, trinary..etc.) dns servers (on the outside of your firewall) and limit everyone else to UDP queries. And for your bind9 config something like this:

Re: blocking AXFR record query

2004-01-28 Thread David Barroso
* James Miller ([EMAIL PROTECTED]) wrote: If memory serves.. AXFR is a zone transfer... So, at your firewall, would want to only allow TCP queries from your backup (secondary, trinary..etc.) dns servers (on the outside of your firewall) and limit everyone else to UDP queries. And for

Re: blocking AXFR record query

2004-01-28 Thread Tobias Reckhard
David Barroso wrote: * James Miller ([EMAIL PROTECTED]) wrote: If memory serves.. AXFR is a zone transfer... So, at your firewall, would want to only allow TCP queries from your backup (secondary, trinary..etc.) dns servers (on the outside of your firewall) and limit everyone else to UDP