
Re: BIND9 transferring zones



On Thursday 13 March 2003 8:52 am, Tomàs Núñez Lirola wrote:
> Hi
> I've heard about disabling zone transferring in BIND. I thought it is a good
> idea, in order to hide your net a little more (obviously you can query my
> DNS for all possible names and get the same information), but I also
> thought that if BIND transfers zones by default, it has some reason.
>
> So can anyone comment on the disadvantages/advantages of disabling DNS zone
> transfers?

advantages:

stops a form of DoS where people lag your DNS by repeatedly transferring zones

stop unauthorised secondary domain servers which may hold outdated, incorrect 
information

stop hackers getting an easy insight into your network - what can you tell about 
your network by looking at your zone file?

disadvantages:

cannot transfer the zone to another system when backing up zone files using 
dig or nslookup 


>
> BTW: How can I disable zone transferring?

in its simplest form:

allow-transfer { none; };


it's well worth printing yourself a copy of the BIND9ARM.

regards

waz
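
An added example, not part of the original message: a named.conf fragment that keeps the deny-by-default setting shown above while still letting a named secondary and a local dig-based backup pull one zone. The ACL name, addresses (documentation range), zone name and file path are placeholders.

```conf
// Constructed example for named.conf; the ACL name, addresses,
// zone name and file path below are placeholders.

// Hosts permitted to pull full zones.
acl "xfer-allowed" {
    192.0.2.53;     // secondary name server
    127.0.0.1;      // local dig-based zone backups
};

options {
    // Server-wide default: refuse every transfer request.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";

    // Weak: any client can pull the whole zone.
    // allow-transfer { any; };

    // Restricted: the per-zone statement overrides the options
    // default for this zone only.
    allow-transfer { "xfer-allowed"; };
};
```

Run named-checkconf on the file before reloading, then confirm from a host outside the ACL that a transfer request for the zone is refused.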



