Debian Security Advisory DSA 430-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 28th, 2004
Hi!
Could anyone tell me how I could deny the AXFR record query on my bind
server? I'm looking for some global variable, not specifying
per-address.
Thanks!
Daniel
--
LeVA
Quoting LeVA ([EMAIL PROTECTED]):
Could anyone tell me how I could deny the AXFR record query on my bind
server? I'm looking for some global variable, not specifying
per-address.
I think the split-DNS example at the end of section 4.3, here, will
help:
If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
want to only allow TCP queries from your backup (secondary,
trinary..etc.) dns servers (on the outside of your firewall) and limit
everyone else to UDP queries. And for your bind9 config something like
this:
* James Miller ([EMAIL PROTECTED]) wrote:
If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
want to only allow TCP queries from your backup (secondary,
trinary..etc.) dns servers (on the outside of your firewall) and limit
everyone else to UDP queries. And for
I've finally been annoyed enough by spammer hits on
my DNS that I've pulled out the BOG for the first time
in several years.
What I'd like to accomplish is the following:
* allow-query for a specific list of addresses
to use the server for their dns resolution.
*
Dale Amon said on Wed, Jan 28, 2004 at 10:11:16PM +:
I've finally been annoyed enough by spammer hits on
my DNS that I've pulled out the BOG for the first time
in several years.
What I'd like to accomplish is the following:
* allow-query for a specific list of addresses
I am trying to chroot the apache-ssl process (from the apache-ssl package) version 1.3.26 using Debian Woody as the environment.
but when I execute:
    chroot /chroot/apache-ssl /usr/sbin/apache-ssl
I get the following error:
    apache-ssl: bad user name www-data
Which is something I didn't expect.
On Wed, 28 Jan 2004, Mark Ferlatte wrote:
options {
    allow-recursion {
        mydomain;
    };
};
This allows hosts in the mydomain acl to make recursive DNS queries, and
blocks recursion for everyone else. Recursion is what allows bind to respond
to requests for zones
On Wed, 28 Jan 2004, Dale Amon wrote:
I've finally been annoyed enough by spammer hits on
my DNS that I've pulled out the BOG for the first time
in several years.
What I'd like to accomplish is the following:
* allow-query for a specific list of addresses
to use the
Things don't seem to be working quite as expected. I have
something like this now:
acl mydomain {
    localhost;
    192.168.0.0/24;
    10.1.1.0/24;
};
There are many eth0:n and I tried it with each ip
specified individually, then added the localhost keyword
in addition.
David Barroso wrote:
* James Miller ([EMAIL PROTECTED]) wrote:
If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
want to only allow TCP queries from your backup (secondary,
trinary..etc.) dns servers (on the outside of your firewall) and limit
everyone else to UDP
12 matches