How to disable record listing?
Jim Reid
jim at rfc1035.com
Fri Jul 28 13:23:17 UTC 2000

>>>>> "ted" == ted jmt <ted_jmt at zapta.com> writes:
ted> When we query both servers with nslookup 'ls' command we get
ted> the entire list of hosts in our domain (there are several
ted> hundreds of them). Is there a way to instruct Bind not to
ted> release the list and still have the ISP server backing up our
ted> server?

The allow-transfer clause in named.conf can be used to control who can
do zone transfers. This is what the ls command of nslookup does. [BTW,
nslookup is a pathetic tool: use dig for DNS troubleshooting.] However,
restricting zone transfers doesn't achieve much. For instance, if you
only let your ISP's name server do zone transfers of your zone(s),
there's not much point unless they configure their server to do
likewise. There's usually not a resource problem with zone transfers,
so limiting them "because of the load" is unlikely to be a factor. And
restricting zone transfers doesn't make anything more (or less)
secure.
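
The allow-transfer setup described in the reply above, as an added example that is not part of the original post: a named.conf fragment for the primary and the matching one for the ISP's secondary. The zone name, file names and addresses (documentation ranges) are placeholders.

```conf
// ---- named.conf on your primary server ----
// 192.0.2.53 is a placeholder for the ISP's secondary name server.
acl "isp-secondary" { 192.0.2.53; };

options {
    // Refuse zone transfers by default for every zone on this server.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Override the default: only the secondary may transfer this zone.
    allow-transfer { "isp-secondary"; };
};

// ---- named.conf on the ISP's secondary server ----
// The secondary holds a full copy of the zone, so it must refuse
// transfers too, or the zone can still be listed from it.
zone "example.com" {
    type slave;
    masters { 198.51.100.10; };    // placeholder for your primary
    file "bak.example.com";
    allow-transfer { none; };
};
```

To check either server, run `dig @<server> example.com axfr` from a host that is not in the allow-transfer list; the transfer should be refused.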