How to disable record listing ?

Tal Dayan tal at zapta.com
Fri Jul 28 19:18:11 UTC 2000


Thanks for the info.

The motivation for the blocking is to avoid our competitors getting our
customer list (each has a subdomain).
We asked our ISP to block the list as well.

Tal

> -----Original Message-----
> From: jim at gromit.rfc1035.com [mailto:jim at gromit.rfc1035.com]On Behalf Of
> Jim Reid
> Sent: Friday, July 28, 2000 6:23 AM
> To: ted_jmt at zapta.com
> Cc: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: How to disable record listing ?
>
>
> >>>>> "ted" == ted jmt <ted_jmt at zapta.com> writes:
>
>     ted> When we query both servers with nslookup 'ls' command we get
>     ted> the entire list of hosts in our domain (there are several
>     ted> hundreds of them). Is there a way to instruct Bind not to
>     ted> release the list and still have the ISP server backing up our
>     ted> server ?
>
> The allow-transfer clause in named.conf can be used to control who can
> do zone transfers. This is what the ls command of nslookup does. [BTW,
> nslookup is a pathetic tool: use dig for DNS troubleshooting.] However
> restricting zone transfers doesn't achieve much. For instance if you
> only let your ISP's name server do zone transfers of your zone(s),
> there's not much point unless they configure their server to do
> likewise. There's usually not a resource problem with zone transfers,
> so limiting them "because of the load" is unlikely to be a factor. And
> restricting zone transfers doesn't make anything more (or less)
> secure.
>
>
>
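
Added example, not part of the original messages: a small audit that reads named.conf text from each authoritative server and lists the zones any host may transfer, which shows the point in the reply that restricting the primary achieves little while the ISP's secondary stays open. The sample configs, zone name and 192.0.2.x addresses are constructed, and it assumes a BIND version where a missing allow-transfer clause means transfers are allowed to any host.

```python
import re
# Constructed sample configs; zone name and 192.0.2.x addresses are placeholders.
PRIMARY_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type master;
    file "db.example.com";
    allow-transfer { 192.0.2.53; };  // only the ISP's secondary
};
"""
SECONDARY_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
};
"""

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_after(text, start):
    """Body of the first brace block opening at or after index start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Entries of an allow-transfer clause, or None if the clause is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def open_zones(conf):
    """Zones that any host may transfer (assumes a missing clause means 'any')."""
    text = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", text)
    default = transfer_acl(block_after(text, opts.start())) if opts else None
    found = []
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        acl = transfer_acl(block_after(text, m.start()))
        acl = default if acl is None else acl  # zone clause overrides options
        if acl is None or "any" in acl:
            found.append(m.group(1))
    return found
print("primary:", open_zones(PRIMARY_CONF), "secondary:", open_zones(SECONDARY_CONF))
```

Run it against the configuration of every server listed in the zone's NS records; the zone is only as closed as the most permissive of them.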



