Disable Bind's response to version queries and zone xfer requests
bind-users at progressive-comp.com
Thu Aug 5 20:43:18 UTC 1999
On 1999-08-04, Barry Margolin <barmar at bbnplanet.com> wrote:
> In article <FCFEEAA0D131D311BDD000805FA70AEC49633C at cljfsdw1.GrandForks.af.mil>,
> Villella, James <James.Villella at grandforks.af.mil> wrote:
> > Bind v4.9.7 running on WinNT
> >
> > I need to configure it so that it will not return a version number,
> > and so that it will not honor zone xfer requests.
> I think the only way to get it not to respond to the version query is
> by patching the source code. It's a hard-coded feature and there's no
> runtime configuration of it.

[ In which case: James, are you able to recompile bind on your NT box? ]

You could try a rather neat trick proposed last year by LaMont Jones on
Bugtraq: basically create a dummy 'bind' zone and restrict access to it:
http://www.progressive-comp.com/Lists/?l=bugtraq&m=90221103125895&w=2

Note that he's discussing doing so under bind 8 -- it's been long enough
since I spent much time on bind 4 that I can't remember at the moment if it
supports what you need to make this work (setting allow-query on a per-zone
basis). For that matter, I've never tested the above, since I had been
using patched binds for a long time before reading his suggestion. But,
it is a neat trick.
--
Hank Leininger <hlein at progressive-comp.com>
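
Added example, not part of the original post or of the Bugtraq message it links to: the dummy 'bind' zone with restricted access described above, written in BIND 8 named.conf syntax. The file name db.bind, the localhost ACL, the allow-transfer line and the SOA values are assumptions chosen for illustration.

```conf
// named.conf (BIND 8 syntax). Added example, not from the original post.
// A master zone named "bind" in the CHAOS class is the dummy zone the
// post describes; allow-query on that zone limits who may query it.
zone "bind" chaos {
    type master;
    file "db.bind";               // hypothetical file name
    allow-query { localhost; };   // assumption: only the server itself may ask
    allow-transfer { none; };     // assumption: never transfer this zone
};

/*
 * Contents of db.bind (hypothetical). The zone only needs SOA and NS
 * records in the CHAOS class; no version.bind TXT record is defined,
 * so the zone holds no version string to return.
 *
 * $ORIGIN bind.
 * @   1D  CHAOS  SOA  localhost. root.localhost. (
 *                     1    ; serial
 *                     3H   ; refresh
 *                     1H   ; retry
 *                     1W   ; expire
 *                     1D ) ; minimum
 *     1D  CHAOS  NS   localhost.
 */
```

To confirm the effect, a CHAOS-class TXT query for version.bind sent from a host outside the ACL should be denied, while the same query from the server itself is still accepted.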