
RE: blocking AXFR record query




If memory serves.. AXFR is a zone transfer... So, at your firewall, you would
want to only allow TCP queries from your backup (secondary,
trinary..etc.) DNS servers (on the outside of your firewall) and limit
everyone else to UDP queries.  And for your bind9 config something like
this:

allow-transfer {
    // placeholder names; BIND expects IP addresses, ACL names or keys here
    backup.dns1.host.blah;
    backup.dns2.host.blah;
    localhost;
};



just my $0.02
--jimm



> -----Original Message-----
> From: LeVA [mailto:leva@az.isten.hu]
> Sent: Wednesday, January 28, 2004 12:44 PM
> To: Debian-Security
> Subject: blocking AXFR record query
>
>
> Hi!
>
> Could anyone tell me how I could deny the AXFR record query on my bind
> server? I'm looking for some global variable, not specifying
> per-address.
>
> Thanks!
>
> Daniel
>
> --
> LeVA
>

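A global default of the kind asked about in the original question, combined with the per-server allow list from the reply, as an added example that is not part of either message. The addresses (documentation ranges), zone names and file paths are constructed placeholders.

```conf
// named.conf fragment (constructed example; all addresses, zone names
// and file paths are placeholders, not values from this thread)

// The secondaries that are permitted to pull zones, listed by IP address.
acl "xfer-secondaries" {
    192.0.2.53;       // placeholder for the first backup server
    198.51.100.53;    // placeholder for the second backup server
};

options {
    directory "/var/cache/bind";

    // Global default: refuse zone transfers for every zone
    // unless that zone carries its own allow-transfer statement.
    allow-transfer { none; };
};

// This zone overrides the global default for the listed secondaries only.
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
    allow-transfer { "xfer-secondaries"; localhost; };
};

// No allow-transfer here, so this zone inherits "none" from options.
zone "example.net" {
    type master;
    file "/etc/bind/db.example.net";
};
```

`named-checkconf` validates the syntax before a reload, and `dig @<your-server> example.org AXFR` run from a host outside the ACL should report that the transfer failed.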

