ls -d
James Pratt
jpratt at norwich.edu
Mon Aug 11 14:31:27 UTC 2008
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of jmc
> Sent: Monday, August 11, 2008 10:16 AM
> To: bind-users at isc.org
> Subject: Re: ls -d
>
> --- Ejaz [Mon, Aug 11, 2008 at 04:43:25PM +0300]: ---
> > Dear all,
> > I have two DNS servers with the same version of BIND and with similar configuration,
> >
> > Whenever I go with my ns2 (ns2.cyberia.net.sa) server into nslookup mode, anyone can run the command: ls -d "domain name" as an argument and get full dump information about that domain.
> >
> > Please can anyone guide me on how I set up my BIND to not show my domain if someone does this (ls -d "domainname") to me.
>
> As far as I know, ls -d just does an AXFR, so just disable AXFRs for the IP making the request. I could be missing something, however.
Yes, you need to shut off zone transfers to unauthorized IPs and/or ranges, as well as disable recursion to internet clients, e.g.:
[meb at 192.149.109.19 ~]# dig @ns2.cyberia.net.sa PHP.NET
; <<>> DiG 9.3.4-P1 <<>> @ns2.cyberia.net.sa PHP.NET
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37704
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
;PHP.NET. IN A
;; ANSWER SECTION:
PHP.NET. 86395 IN A 69.147.83.197
;; AUTHORITY SECTION:
PHP.NET. 66384 IN NS remote1.easydns.com.
PHP.NET. 66384 IN NS remote2.easydns.com.
PHP.NET. 66384 IN NS ns1.easydns.com.
PHP.NET. 66384 IN NS ns2.easydns.com.
;; Query time: 192 msec
;; SERVER: 212.119.64.3#53(212.119.64.3)
;; WHEN: Mon Aug 11 10:26:16 2008
;; MSG SIZE rcvd: 132
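
An added example, not part of the original message or the poster's configuration: a named.conf fragment showing the two restrictions the reply describes, with the open setting commented out beside the restricted one. The ACL names, the addresses (documentation ranges) and the zone "example.com" are assumptions made for illustration.

```conf
// Constructed example: every address and the zone name are placeholders,
// none of them come from the thread.

// Hosts allowed to pull full zone copies (the secondary name servers).
acl secondaries {
    192.0.2.53;            // assumed address of the secondary
};

// Clients allowed to use this server as a recursive resolver.
acl trusted {
    localhost;
    localnets;
    198.51.100.0/24;       // assumed internal client range
};

options {
    // Open: any host may request AXFR, which is what nslookup's "ls -d" sends.
    // BIND 9 of this period behaves the same way when the statement is absent.
    // allow-transfer { any; };

    // Restricted default for all zones: refuse AXFR unless a zone overrides it.
    allow-transfer { none; };

    // Open: recursion for any client; the server answers for names it is not
    // authoritative for and sets the "ra" flag, as in the dig output above.
    // allow-recursion { any; };

    // Restricted: recurse only for known clients.
    allow-recursion { trusted; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Per-zone override: only the listed secondaries may transfer this zone.
    allow-transfer { secondaries; };
};
```

After editing, `named-checkconf` validates the syntax and `rndc reconfig` loads the change. A `dig` AXFR query for the zone from a host outside the `secondaries` ACL should then fail instead of returning the zone contents.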