Re: Restricting Zone Transfers
From: Jerry Pasker-System Admin.
Date: Monday, July 12, 1999
Time: 2:56:00 pm

>One of the changes between last time I was administering a QDNS server and
>this time is the addition of a preference to restrict zone transfers. The
>manual says not a lot on the topic and my copy of DNS and BIND isn't around.
>
>I assume that this is a precaution against spoofing???
>
>What are the implications of using this preference or not using this
>preference?
>
>Thanks,
>
>-Kirk
>
>
No, this is to keep some 14 year old with idle hands from doing a zone
transfer, and downloading your entire DNS zone file. This could be bad,
because it's a blueprint of all your machines, and that just makes it too
easy for a wanna-be hacker. They can just go right down the list of
machines.... A truly good hacker can figure out all your machines anyway,
so restricting zone transfers only slows down a good hacker (who can guess
the names of your machine, and do reverse DNS name scans), and keeps the
95% of the "script kiddies" from getting very far. (Most 'hackers' are just
teens without a clue, that have too much idle time, anyway) Zone
transfers are used to transfer your zones from your primary name server,
into your secondary name server. If you restrict zone transfers, you must
list the IP addresses of any secondary servers that are secondary for any
of the zones that your primary serves, and allow those IPs to do zone
transfers.

The anti-spoofing, which is not really related to zone transfers in any
way, is built into the latest version of QDNS Pro, and is a no-brainer.
It's just there, and it just works. No intervention needed.
-Jerry
----------------------------------------------------------
"I can see three corners from this corner" -Dave Matthews
----------------------------------------------------------