Disable Bind's response to version queries and zone xfer requests
Ronald Procopio
RonaldMarkProcopio at netscape.net
Wed Aug 18 00:39:21 UTC 1999
Barry Margolin wrote:
>
> In article <37B8BDD6.5B8D938D at netscape.net>,
> Ronald Procopio <RonaldMarkProcopio at netscape.net> wrote:
> >Under Bind 4 there is an option called SECURE_ZONE (yes I know there is
> >an underline - I believe that's right) that you can use in the BIND zone
> >file to limit transfer and queries of that specific zone.
>
> SECURE_ZONE restricts *all* queries, not just zone transfers. And it's
> gone in BIND 8 (the "allow-query" option in named.conf serves the same
> purpose). If you want to restrict zone transfers in BIND 4.9.x you use
> "xfrnets" in named.boot.
>
> BTW, why do you imply that there might be something wrong with the
> underscore? The only place where underscores aren't allowed is in
> hostnames, and SECURE_ZONE isn't a hostname. In fact, they probably put
> the underscore in the name precisely to avoid conflicting with a potential
> hostname.
>
> --
> Barry Margolin, barmar at bbnplanet.com
> GTE Internetworking, Powered by BBN, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Because the syntax is the same as any TXT records would be.
It isn't a master file directive like $ORIGIN as it doesn't start with
a $. Therefore it is a leftvalue, which is normally a "host". I don't know
how it is set up in the code; I've never looked - it may be treated as a
directive even though it uses a host syntax. And I'd like to point out
that he was looking for a way to restrict QUERIES for version.bind.
Whether this would work or BIND might say he's redefining the zone I don't
know. I was giving the requestor a possibility using BIND4 that he
might be able to use.
(Why would anyone transfer the version.bind chaos domain?)