Unapproved AXFR?
Dave Wreski
dave at nic.com
Mon Dec 13 18:38:10 UTC 1999
> Lots of computer "security" measures are in place simply because they
> correspond to items in common checklists, not because the site has made a
> conscious decision that they protect something valuable. Many sites adhere
> to the conservative policy of blocking anything they're not sure about, and
> only allowing things through that they know are OK.
What I've done is to put hosts in the DMZ that do not need direct access
from untrusted networks in a seperate zone, and restrict queries and zone
transfers to specific hosts in the DMZ.
Dave
More information about the bind-users
mailing list