FW: ZXFR

Shawn_Evans at oxy.com Shawn_Evans at oxy.com
Wed Nov 8 20:45:04 UTC 2000



Replace 1.2.3/24 with the word none, i.e.:

options {
       allow-transfer { none; };
};

---
-   Shawn L. Evans, mailto:shawn_evans at oxy.com   -
-  Phone: 1-918-610-1897 Mobile: 1-918-361-7601  -
-      Text Page: 8008056238 at airmessage.net      -
-             Pager:  1-800-805-6238             -


-----Original Message-----
From: Security, Network [mailto:Network.Security at OCIOFC.USDA.GOV]
Sent: Wednesday, November 08, 2000 2:25 PM
To: 'Shawn_Evans at oxy.com'
Cc: 'bind-users at isc.org'
Subject: RE: ZXFR


i realize that limiting zone x-fers would also be an answer but we cannot
implement this right away...don't ask why...it would take too long to
explain...what i want to do is disable ZXFR's altogether
-- qarl

-----Original Message-----
From: Shawn_Evans at oxy.com [mailto:Shawn_Evans at oxy.com]
Sent: Wednesday, November 08, 2000 1:11 PM
To: bind-users at isc.org
Subject: RE: ZXFR




In your named.conf file, in the options section, to make the change
globally, add:

options {
       allow-transfer { 1.2.3/24; };
};

where 1.2.3/24 is the IP range you want to have the ability to make zone
transfers.

See DNS & BIND, 3rd Edition pg. 252 for further details.


---
-   Shawn L. Evans, mailto:shawn_evans at oxy.com   -
-  Phone: 1-918-610-1897 Mobile: 1-918-361-7601  -
-      Text Page: 8008056238 at airmessage.net      -
-             Pager:  1-800-805-6238             -


-----Original Message-----
From: Security, Network [mailto:Network.Security at OCIOFC.USDA.GOV]
Sent: Wednesday, November 08, 2000 1:15 PM
To: 'bind-users at isc.org'
Subject: ZXFR


alright with this new DoS against 8.2.2P5 with the ZXFR option enabled i am
poking around trying to figure out how to disable it, sorry if this seems
like a trivial question...i still get lost in source code. anyway i did NOT
manually enable it, yet the DoS still works on my Solaris 8 machine. so if
anyone could tell me where to go to disable this option it would be
appreciated.
-- qarl
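
Added example (not part of the original thread, and not ISC code): a small Python audit that reports the effective allow-transfer list for each zone in a named.conf, because a zone-level allow-transfer overrides the global one discussed above. The sample config, zone names and function names are constructed; it assumes BIND 8 permits transfers from any host when no allow-transfer is set, and it does not handle nested match lists.

```python
import re

# Constructed sample named.conf (not from the thread): global "none",
# one zone that overrides it, one zone that inherits it.
SAMPLE = '''
options {
       allow-transfer { none; };      // global setting from the thread
};
zone "example.com" {
       type master;
       allow-transfer { 1.2.3/24; };  # per-zone override
};
zone "example.net" { type master; };
'''

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # /* ... */
    return re.sub(r'(//|#).*', '', text)                # // ... and # ...

def block_body(text, start):
    """Text between the first '{' at/after start and its matching '}'."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def acl_of(body):
    """Elements of the allow-transfer list in body, or None if absent."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e for e in re.split(r'[;\s]+', m.group(1)) if e]

def audit(conf):
    """Map zone name -> (effective allow-transfer list, transfers_disabled)."""
    text = strip_comments(conf)
    opt = re.search(r'\boptions\s*\{', text)
    global_acl = acl_of(block_body(text, opt.start())) if opt else None
    if global_acl is None:
        global_acl = ['any']   # assumption: default when nothing is configured
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        own = acl_of(block_body(text, z.end() - 1))
        effective = own if own is not None else global_acl
        report[z.group(1)] = (effective, effective == ['none'])
    return report
```

Calling audit(SAMPLE) shows example.com still allowing 1.2.3/24 despite the global none, which is the case worth checking after making the change globally.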







