ls?
Will Yardley
ilovednsrelatedspam at hq.newdream.net
Fri Dec 21 01:04:47 UTC 2001
Mick wrote:
> Is there a way to cut off the ability of a user to do an "ls" query
> from my name server? At this time anyone can do an ls domain.com from
> my server and it will spit out the info for the domain (given that it
> is a local domain)
just add an allow-transfer clause in your named.conf file in the options
section.
something like:
options {
    directory "/blah";
    your-other-options "foo";
    allow-transfer {
        123.123.123.123; // this is a comment
        123.123.123.233; // this is for my home server
    };
};
just make sure you add the IP address for all places you need to
transfer to. also note that unless it's configured to use a specific IP
address, named will use the machine's base IP address to request
transfers from - so if a dns server you need to transfer to is using a
virtual IP address, you may need to also allow the machine's main
address. if it has a virtual interface on the same switch / network
segment that the other machine is on, it will probably prefer that since
it's the shortest path.
--
Experience -- a great teacher, but the tuition fees...
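
Added example, not part of the post above and not BIND's own code: a small Python audit of a named.conf that reports, per zone, whether the effective allow-transfer ACL (a zone-level clause overriding the one in options) still lets any host pull the zone. The sample config, its addresses and zone names are constructed, and a missing clause is treated as open, an assumption matching BIND's default at the time of this thread.

```python
import re

# Constructed sample (not from the post): a global ACL, one zone inheriting it, one overriding it.
SAMPLE_CONF = '''
options {
    directory "/var/named";          // constructed path
    allow-transfer { 192.0.2.53; };  # the one secondary
};
zone "example.com" { type master; file "example.com.db"; };
zone "example.net" {
    type master; allow-transfer { any; };  /* overrides options */
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pat = r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text, flags=re.S)

def blocks(text, keyword):
    """Yield (quoted name or '', body) for each `keyword ... { ... }` block starting a line."""
    for m in re.finditer(r'(?m)^\s*%s\b([^{;]*)\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        name = re.search(r'"([^"]+)"', m.group(1))
        yield (name.group(1) if name else ''), text[m.end():i - 1]

def transfer_acl(body):
    """Return the allow-transfer elements found in a block body, or None if absent."""
    m = re.search(r'\ballow-transfer\b[^{};]*\{([^{}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each zone to (effective ACL, verdict); a zone clause overrides options."""
    text = strip_comments(conf)
    global_acl = next((transfer_acl(b) for _, b in blocks(text, 'options')), None)
    report = {}
    for name, body in blocks(text, 'zone'):
        acl = transfer_acl(body)
        acl = global_acl if acl is None else acl
        # Assumption: no clause anywhere means open (the BIND default of that era).
        is_open = acl is None or bool({'any', '0.0.0.0/0'} & set(acl))
        report[name] = (acl, 'OPEN' if is_open else 'restricted')
    return report

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

Nested ACL braces and named acl references are not expanded; a zone flagged OPEN here is worth confirming with a transfer request from a host that should be refused.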