host -l

Garry gwellman at dstream.net
Mon Apr 10 02:53:45 UTC 2000



Make sure you add the allow-transfer line to ALL of your secondaries too.
I've come up against that problem. If it can't get to the primary it will try
secondaries.

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]
On Behalf Of Michael Vincent K. Pozon - CompE
Sent: Sunday, April 09, 2000 10:02 PM
To: Thor Kottelin
Cc: BIND Users Mailing List
Subject: Re: host -l



what i'm trying to do is to restrict an unauthorized host requesting
for "host -l mydomain.com" ...

for example .. if i do this command from my linux box:

[vince at prophecy vince]$ host -l rutgers.edu
Rutgers.EDU name server dns1.Rutgers.EDU
Rutgers.EDU name server dns2.Rutgers.EDU
Rutgers.EDU name server dns3.Rutgers.EDU
Rutgers.EDU name server turtle.mcc.com
Rutgers.EDU has address 165.230.4.76
grad03.Rutgers.EDU has address 128.6.20.29
dgcacook4.Rutgers.EDU has address 128.6.87.158
grad04.Rutgers.EDU has address 128.6.20.30
...
...
..
.

notice the output of that command, it reveals all the hosts under the
domain rutgers.edu ... my point is, i want to configure the DNS of
rutgers.edu in such a way that if i issue the command, as stated above,
there will be no output revealing the hosts ... but instead, an
"Unapproved request" or something like that ..

any idea ?
i already configured named.conf with allow-transfer option but the thing
still works :(





On Sun, 9 Apr 2000, Thor Kottelin wrote:

>
>
> "Michael Vincent K. Pozon - CompE" wrote:
> >
> > i already configured allow-transfer in general and it works great, it will
> > not approve an AXFR from an unauthorized request but what i'm concerned about
> > is the command "host -l mydomain.com" ... how do i restrict to not output
> > valuable domain data to unauthorized request ...
>
> I'm not very familiar with the host command, but I just tried it on a
> Linux box, and what it seems to do is pull a zone transfer. Have you
> configured all your authoritative servers to allow zone transfers only to
> designated secondaries?
>
> If you need more detailed help with troubleshooting your domain, please
> tell us its real name instead of this mydomain.com riddle.
>
> Thor
>
>
> > On Sun, 9 Apr 2000, Thor Kottelin wrote:
>
> > > BIND Users Mailing List wrote:
> > >
> > > > From: "Michael Vincent K. Pozon - CompE" <vince at trinity.cebu.pilnet.com>
> > >
> > > >  the slave will output zone entries to the unauthorized
> > > > user because my slave DNS doesn't have an allow-transfer set yet. anyways
> > > > ... is that why an unauthorized request of 'host -l mydomain.com' is not
> > > > restricted ?
> > >
> > > IIRC, zone transfers are allowed by default. If you need to know why no
> > > restrictions have been set, you should probably ask whoever configured
> > > your server. Anyway, if you don't want to allow the world to pull zones,
> > > use the allow-transfer option to deny access (assuming BIND 8).
>
> --
> Plain old email is very insecure. Please make it
> a little safer for yourself and me by using PGP.
> FAQ: <URL:http://www.pgp.net/pgpnet/pgp-faq/>.
> My public keys are available from key servers.
>
>
>

--
m  i  c  h  a  e  l   v  i  n  c  e  n  t   p  o  z  o  n
          ::  mikevince at netexecutive.com  ::
---------------------------------------------------------------
HPS Software & Communication Corp.     ICQ : 1413343
Pilipino Internet Cebu              office : (+63)(32) 3447847
Systems/Network Administrator       home   : (+63)(32) 3446427
- - - - - - - - - - - - - - - - - - cell   : (+63) 917-3276966
 - - - - - - - - - - - - - - - - -  http://mikevince.tripod.com
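
An added example, not part of the original thread or of BIND: a small Python audit that reads named.conf text and reports zones with no effective allow-transfer, which is the case described above where the primary is restricted but a secondary still serves the zone. The sample configs, addresses and function names are constructed for illustration; the parser is simplified (no view blocks, no named ACL lookup) and assumes the default-open transfer behaviour the thread describes for BIND 8.

```python
import re
# Constructed sample configs for one zone: a primary and a secondary.
PRIMARY_CONF = '''
zone "example.com" {
    type master; file "db.example.com";
    allow-transfer { 192.0.2.53; };   // the secondary
};
'''
SECONDARY_CONF = '''
zone "example.com" {
    type slave; masters { 192.0.2.1; }; file "bak.example.com";
    # no allow-transfer: under the assumed default this server answers AXFR
};
'''
ACL = re.compile(r'allow-transfer\s*\{([^{}]*)\}')

def _strip_comments(text):
    # Simplification: assumes no '#' or '//' inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def _blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth = head_start = 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, start = text[head_start:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ';' and depth == 0:
            head_start = i + 1

def audit(conf):
    """Map zone name -> transfer ACL entries, or None when nothing restricts it."""
    blocks = list(_blocks(_strip_comments(conf)))
    glob = next((ACL.search(b) for h, b in blocks if h == 'options'), None)
    result = {}
    for header, body in blocks:
        m = re.match(r'zone\s+"([^"]+)"', header)
        if m:
            acl = ACL.search(body) or glob  # zone-level setting overrides options
            result[m.group(1)] = acl.group(1).replace(';', ' ').split() if acl else None
    return result

def open_zones(conf):  # zones this server would transfer to any client
    return sorted(z for z, acl in audit(conf).items() if acl is None)
```

Run `open_zones()` against the configuration of every authoritative server for the zone, secondaries included; any name it returns is a zone that server will still list in full.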






