Re: BIND9 transferring zones
On Thursday 13 March 2003 8:52 am, Tomàs Núñez Lirola wrote:
> Hi
> I've heard about disabling zone transfers in BIND. I thought it is a good
> idea, in order to hide a little more your net (obviously you can query my
> DNS for all possible names and get the same information), but also I
> thought that if BIND transfers zones by default, it has some reason.
>
> So can anyone comment on the disadvantages/advantages of disabling DNS
> zone transfers?
advantages:
- stops a form of DoS where people lag your dns by repeatedly transferring zones
- stop unauthorised secondary domain servers which may hold outdated, incorrect
  information
- stop hackers getting an easy insight into your network - what can you tell
  about your network by looking at your zone file?
disadvantages:
- cannot transfer the zone to another system when backing up zone files using
  dig or nslookup
>
> BTW: How can I disable zone transferring?
in its simplest form:
allow-transfer { none; };
it's well worth printing yourself a copy of the BIND9ARM.
regards
waz
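
Added example, not part of the original message: a named.conf sketch that goes beyond the one-line form above by refusing transfers server-wide while still letting one TSIG-keyed secondary or backup host pull a single zone. The zone name, file name, key name and secret placeholder are assumptions.

```conf
// Shared TSIG key; the same key statement goes in the secondary's named.conf.
// The secret is a placeholder, generate a real one with tsig-keygen.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

options {
    // Server-wide default: refuse every AXFR/IXFR request.
    // Any zone without its own allow-transfer inherits this.
    allow-transfer { none; };
};

// Weak form, shown for contrast only: with no allow-transfer at either
// level, BIND 9 of this era answers transfer requests from any host.
// zone "example.com" {
//     type master;
//     file "example.com.zone";
// };

// Restricted form: the per-zone statement overrides the global "none",
// but only for requests signed with xfer-key.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { key "xfer-key"; };
};
```

After reloading, an unsigned `dig @<server> example.com axfr` should be refused, while the same query with `-k` pointing at the key file should return the zone.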