Zone Transfer Q

Sami Yousif syousif at iname.com
Wed Jul 7 17:28:53 UTC 1999


Jim Reid wrote:

> >>>>> "Marc" == Trottier, Marc <MTrottie at NRCan.gc.ca> writes:
>
>     Marc> Hello, I would like to configure my DNS server to disallow zone
>     Marc> transfers from systems other than the peer DNS server that I
>     Marc> participate with. How do I do so?
>
> That depends on your name server. In BIND8, an allow-transfer
> substatement in the zone statement will do this. Some versions of
> BIND4 support an xfernets directive in named.boot to restrict who can
> do zone transfers. Personally, I don't see the point of restricting
> zone transfers. It doesn't make things "more secure" and needlessly
> complicates your DNS administration.

That depends on what you have in your zone records.

Zone files can be used by crackers to determine which IPs may be
"interesting" to look at with a port scanner, or to listen to if they have
already "owned" a machine on that network...

A zone file can be used to get a "clearer picture" of the internal network
structure.

The HINFO records can be used to quickly assess possible vulnerabilities.

Some places have TXT records that contain information that can be used in
social engineering.

-- 

Sami Yousif

mailto:syousif at iname.com

http://www.mav.net/teddyr/syousif/      Personal Page
http://www.alug.org/                    Amarillo Linux Users Group

[eMail sent to any of my addresses is subject to the Conditions outlined
in http://www.mav.net/teddyr/emailtos.shtml]
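As an added illustration of the BIND8 allow-transfer substatement Jim mentions (this is not configuration from either poster; the 192.0.2.x addresses and zone name are constructed placeholders), a named.conf fragment that refuses AXFR by default and permits it only to the peer name server:

```conf
// Constructed example, not from the original post.
// The peer's address is a placeholder from the documentation range.
acl "peers" {
    192.0.2.53;        // the secondary we exchange zones with (assumed)
};

options {
    directory "/var/named";
    // Default for every zone: nobody may pull a zone transfer.
    allow-transfer { none; };
};

// Master zone: override the global default for the peer only.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { peers; };
};

// Secondary zone: pull from the master, but still hand out
// transfers to nobody (the global default applies here).
zone "example.net" {
    type slave;
    file "example.net.bak";
    masters { 192.0.2.53; };
};
```

After reloading named, `dig @your-server example.com AXFR` from a host outside the "peers" ACL should report a failed transfer, while the same query from the peer still succeeds.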