How to disable record listing ?

Tal Dayan tal at zapta.com
Fri Jul 28 18:56:22 UTC 2000


Hi Jim,

We assign each of our customers a sub domain name so we don't want a
competitor sucking up our customer list from our DNS server (I did it
myself as an exercise and could get the entire customer list of one of our
competitors, this is scary).

What would be the best way to avoid third parties getting our lists? Is it
enough if we do it ourselves and ask our ISP to do the same?

Thanks,

Tal

> -----Original Message-----
> From: Jim Reid [mailto:jim at rfc1035.com]
> Sent: Friday, July 28, 2000 6:23 AM
> To: ted_jmt at zapta.com
> Cc: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: How to disable record listing ?
>
>
> >>>>> "ted" == ted jmt <ted_jmt at zapta.com> writes:
>
>     ted> When we query both servers with nslookup 'ls' command we get
>     ted> the entire list of hosts in our domain (there are several
>     ted> hundreds of them). Is there a way to instruct Bind not to
>     ted> release the list and still have the ISP server backing up our
>     ted> server ?
>
> The allow-transfer clause in named.conf can be used to control who can
> do zone transfers. This is what the ls command of nslookup does. [BTW,
> nslookup is a pathetic tool: use dig for DNS troubleshooting.] However
> restricting zone transfers doesn't achieve much. For instance if you
> only let your ISP's name server do zone transfers of your zone(s),
> there's not much point unless they configure their server to do
> likewise. There's usually not a resource problem with zone transfers,
> so limiting them "because of the load" is unlikely to be a factor. And
> restricting zone transfers doesn't make anything more (or less)
> secure.
>
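The allow-transfer control Jim refers to, written out for both sides of Tal's question (our own primary and the ISP's secondary), since restricting only one of them leaves the zone copyable from the other. This is an added example, not configuration from either poster; the zone name and the 192.0.2.10 / 198.51.100.53 addresses are placeholders.

```conf
// Added example, not from the thread. Two named.conf fragments, one per server;
// zone name and addresses (192.0.2.10 primary, 198.51.100.53 ISP secondary)
// are placeholders.

// ---- file 1: named.conf on OUR primary (192.0.2.10) ----
acl "our-secondaries" { 198.51.100.53; };   // only the ISP's secondary

options {
    // Server-wide default: no host may pull a full zone copy (AXFR),
    // which is what nslookup's 'ls' and 'dig axfr' ask for.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "zones/example.com.db";
    // Per-zone exception: the ISP secondary may transfer the zone.
    allow-transfer { "our-secondaries"; };
    // Tell the secondary promptly when the zone changes.
    also-notify { 198.51.100.53; };
};

// ---- file 2: named.conf on the ISP SECONDARY (198.51.100.53) ----
options {
    allow-transfer { none; };
};

zone "example.com" {
    type slave;
    file "slave/example.com.db";
    masters { 192.0.2.10; };
    // Answer queries for the zone, but refuse to hand out a copy of it.
    allow-transfer { none; };
};
```

Check from an address outside the ACL with `dig @192.0.2.10 example.com axfr` (and the same against the secondary); a correctly restricted server answers with "; Transfer failed." Note that this only blocks bulk copies, not the ordinary per-name queries the zone is published to answer.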