unauthorized transfers
Kevin Darcy
kcd at daimlerchrysler.com
Wed May 2 19:31:43 UTC 2001
Jennifer wrote:
> How do I prevent unauthorized slaves from pulling zones from my master DNS
> server? I am running bind 8.2.3 on Redhat 6.2.
>
> Thanks for any help.
allow-transfer
But be aware that "security by obscurity" doesn't really buy you much. Even
with zone transfers restricted, folks can probe your nameserver for names.
The golden rule is that you shouldn't make private information available on a
publically-accessible resource like a nameserver. If you're currently using
your nameserver to host domain information to the Internet and also for your
clients to resolve Internet names, you should consider splitting those
functions and possibly also your namespace, i.e. the so-called "split DNS".
- Kevin
More information about the bind-users
mailing list