host -l

Michael Vincent K. Pozon - CompE vince at trinity.cebu.pilnet.com
Mon Apr 10 03:02:12 UTC 2000


what i'm trying to do is to restrict an unauthorized host requesting
for "host -l mydomain.com" ...

for example .. if i do this command from my linux box:

[vince at prophecy vince]$ host -l rutgers.edu
Rutgers.EDU name server dns1.Rutgers.EDU
Rutgers.EDU name server dns2.Rutgers.EDU
Rutgers.EDU name server dns3.Rutgers.EDU
Rutgers.EDU name server turtle.mcc.com
Rutgers.EDU has address 165.230.4.76
grad03.Rutgers.EDU has address 128.6.20.29
dgcacook4.Rutgers.EDU has address 128.6.87.158
grad04.Rutgers.EDU has address 128.6.20.30
...
...
..
.

notice the output of that command , it reveals all the hosts under the
domain rutgers.edu ... my point is , i want to configure the DNS of
rutgers.edu in such a way that if i issue the command , as stated above,
there will be no output revealing the hosts ... but instead , an
"Unapproved request" or something like that ..

any idea ? 
i already configured named.conf with allow-transfer option but the thing
still works :(

 



On Sun, 9 Apr 2000, Thor Kottelin wrote:

> 
> 
> "Michael Vincent K. Pozon - CompE" wrote:
> > 
> > i already configured allow-transfer in general and it works great, it will
> > not approve an AXFR from an unauthorized request but what i'm concerned about
> > is the command "host -l mydomain.com" ... how do i restrict to not output
> > valuable domain data to unauthorized request ...
> 
> I'm not very familiar with the host command, but I just tried it on a
> Linux box, and what it seems to do is pull a zone transfer. Have you
> configured all your authoritative servers to allow zone transfers only to
> designated secondaries?
> 
> If you need more detailed help with troubleshooting your domain, please
> tell us its real name instead of this mydomain.com riddle.
> 
> Thor
> 
> 
> > On Sun, 9 Apr 2000, Thor Kottelin wrote:
> 
> > > BIND Users Mailing List wrote:
> > >
> > > > From: "Michael Vincent K. Pozon - CompE" <vince at trinity.cebu.pilnet.com>
> > >
> > > >  the slave will output zone entries to the unauthorized
> > > > user because my slave DNS doesn't have an allow-transfer set yet.  anyways
> > > > ... is that why an unauthorized request of 'host -l mydomain.com' is not
> > > > restricted ?
> > >
> > > IIRC, zone transfers are allowed by default. If you need to know why no
> > > restrictions have been set, you should probably ask whoever configured
> > > your server. Anyway, if you don't want to allow the world to pull zones,
> > > use the allow-transfer option to deny access (assuming BIND 8).
> 
> -- 
> Plain old email is very insecure. Please make it
> a little safer for yourself and me by using PGP.
> FAQ: <URL:http://www.pgp.net/pgpnet/pgp-faq/>.
> My public keys are available from key servers.
> 
> 
> 

--
m  i  c  h  a  e  l   v  i  n  c  e  n  t   p  o  z  o  n
          ::  mikevince at netexecutive.com  ::
---------------------------------------------------------------
HPS Software & Communication Corp.     ICQ : 1413343
Pilipino Internet Cebu              office : (+63)(32) 3447847
Systems/Network Administrator       home   : (+63)(32) 3446427
- - - - - - - - - - - - - - - - - - cell   : (+63) 917-3276966
 - - - - - - - - - - - - - - - - -  http://mikevince.tripod.com
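
An added example, not part of the original thread and not BIND project code: a small audit that reads the named.conf text of each authoritative server and lists the zones it would still hand to anyone, which is the master-restricted, slave-unrestricted situation discussed above. The sample configs, the zone example.com, the 192.0.2.x addresses and the function names are constructed for illustration; it assumes the default described in the thread (no allow-transfer means transfers are allowed) and does not handle nested ACL braces or named acl definitions.

```python
import re
# Constructed sample configs (not from the thread): master restricted, slave not.
MASTER_CONF = '''
options { directory "/var/named"; };
zone "example.com" {
    type master; file "db.example.com";
    allow-transfer { 192.0.2.53; };
};
'''
SLAVE_CONF = '''
zone "example.com" {
    type slave; masters { 192.0.2.1; }; file "bak.example.com";
};
'''

def _block(text, start):
    """Return the contents of the first brace block opening at or after start."""
    begin = text.index("{", start)
    depth = 0
    for pos in range(begin, len(text)):
        if text[pos] == "{":
            depth += 1
        elif text[pos] == "}":
            depth -= 1
            if depth == 0:
                return text[begin + 1:pos]
    raise ValueError("unbalanced braces in config")

def _transfer_acl(body):
    """Return the allow-transfer entries in body, or None if it is not set."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_transfer_zones(conf):
    """List master/slave zones this server would transfer to any client."""
    conf = re.sub(r"/\*.*?\*/|(?:#|//)[^\n]*", "", conf, flags=re.S)  # drop comments
    opts = re.search(r"\boptions\s*\{", conf)
    global_acl = _transfer_acl(_block(conf, opts.start())) if opts else None
    exposed = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = _block(conf, m.end())
        if not re.search(r"\btype\s+(master|slave)\b", body):
            continue  # hint/forward/stub zones are not checked here
        acl = _transfer_acl(body)  # a zone-level setting overrides options
        acl = global_acl if acl is None else acl
        # Assumption from the thread: with no ACL set, transfers are allowed.
        if acl is None or "any" in acl:
            exposed.append(m.group(1))
    return exposed
```

Run it against the configuration of every server listed in the zone's NS records; a single server that reports the zone is enough for "host -l" to keep working.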



