ls -d

Ejaz mejaz at cyberia.net.sa
Mon Aug 11 16:00:51 UTC 2008


Thanks to all,
it is fixed now.

Second option, as I should not allow others to query from the DNS server: as of now I am planning to go with the below option. I just need to make sure whether there is any alternate way to achieve the below, since it is very painful for me to add a line that says "allow-query{any}" in each zone file.


1. An acl line of "allow-query { our-nets; };" would globally allow queries from our designated IPs but deny queries from everyone else, correct?

2. "allow-query { any; };" in a zone would allow this zone to be queried by anyone in the world.

Many thanks in advance

Regards
Ejaz






----- Original Message ----- 
From: "James Pratt" <jpratt at norwich.edu>
To: <bind-users at isc.org>
Cc: "Ejaz" <mejaz at cyberia.net.sa>
Sent: Monday, August 11, 2008 5:31 PM
Subject: RE: ls -d


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of jmc
> Sent: Monday, August 11, 2008 10:16 AM
> To: bind-users at isc.org
> Subject: Re: ls -d
>
> --- Ejaz [Mon, Aug 11, 2008 at 04:43:25PM +0300]: ---
> > Dear all,
> > I have two DNS servers with the same version of BIND and with similar configuration.
> >
> > Whenever I go with my ns2 (ns2.cyberia.net.sa) server into nslookup mode, anyone can run the command: ls -d "domain name" as an argument and get a full dump of information about that domain.
> >
> > Please can anyone guide me on how to set up my BIND to not show my domain if someone does this (ls -d "domainname") to me.
>
> As far as I know, ls -d just does an AXFR, so just disable AXFRs for the IP making the request. I could be missing something, however.

Yes, you need to shut off zone transfers to unauthorized IPs and/or
ranges, as well as disable recursion to internet clients, e.g.:

[meb at 192.149.109.19 ~]# dig @ns2.cyberia.net.sa PHP.NET

; <<>> DiG 9.3.4-P1 <<>> @ns2.cyberia.net.sa PHP.NET
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37704
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;PHP.NET.                       IN      A

;; ANSWER SECTION:
PHP.NET.                86395   IN      A       69.147.83.197

;; AUTHORITY SECTION:
PHP.NET.                66384   IN      NS      remote1.easydns.com.
PHP.NET.                66384   IN      NS      remote2.easydns.com.
PHP.NET.                66384   IN      NS      ns1.easydns.com.
PHP.NET.                66384   IN      NS      ns2.easydns.com.

;; Query time: 192 msec
;; SERVER: 212.119.64.3#53(212.119.64.3)
;; WHEN: Mon Aug 11 10:26:16 2008
;; MSG SIZE  rcvd: 132
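
The settings discussed in this thread, put together as a named.conf fragment (an added example, not part of the original messages or anyone's actual configuration). The ACL name "our-nets" comes from the thread; the "secondaries" ACL, all addresses (documentation ranges), the zone name and the file name are placeholders.

```conf
// named.conf fragment for BIND 9 -- illustrative, all values are placeholders.

acl "our-nets" {
    192.0.2.0/24;          // placeholder: our own client networks
    198.51.100.0/24;
};

acl "secondaries" {
    203.0.113.53;          // placeholder: the name server allowed to pull zones
};

options {
    // Global default: only our designated networks may query this server.
    // A zone that sets its own allow-query overrides this for that zone.
    allow-query     { our-nets; };

    // Recursion only for our own clients. The dig output above (flags "ra",
    // an answer for PHP.NET) shows the server recursing for an outside host.
    allow-recursion { our-nets; };

    // AXFR is what nslookup's "ls -d" requests. Refuse it globally;
    // zones that need transfers list their secondaries explicitly.
    // Weak form for comparison: leaving allow-transfer unset, which in
    // BIND of this vintage permits transfers to any host.
    allow-transfer  { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // Authoritative data is meant to be public: override the global ACL.
    allow-query    { any; };

    // Full zone dumps go to the secondary only.
    allow-transfer { secondaries; };
};
```

After reloading, `named-checkconf` validates the syntax, and a `dig @server example.com AXFR` from an address outside "secondaries" should come back with "Transfer failed."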
