Date: Tue, 30 Jan 2001 19:56:13 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: security@FreeBSD.ORG
Subject: Re: Bind: unapproved query (version.bind) Script kiddies?
Message-ID: <Pine.BSF.4.21.0101301947460.11515-100000@roble.com>
In-Reply-To: <bulk.28447.20010130192801@hub.freebsd.org>

David La Croix <dlacroix@cowpie.acm.vt.edu> wrote:
> It's not so much blocking queries to version.bind, so much as refusing to
> answer queries to an untrusted host, about domains it does not host.

Alternately, you could define the "allow-recursion" and "version" options:

    options {
        directory "/etc/namedb";
        version "none.of.your.business";
        pid-file "/var/run/named.pid";
        listen-on { localhost; YOUR_IP; };
        query-source address YOUR_IP port 53;
        transfer-source YOUR_IP;
        allow-recursion { localhost; YOUR_SUBNET; };
    };

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

> options {
>         directory "/etc/namedb";
>         allow-query {
>                 127.0.0.1;
>                 localnets;
>         };
>         allow-transfer {
>                 0.0.0.0; /* IPs changed */
>                 0.0.0.0; /* secondary DNS servers */
>         };
>         forwarders {
>                 0.0.0.0; 0.0.0.0;
>         };
> };
>
> and then further down all my zone definitions look like:
>
> zone "mydomain.com" {
>         type master;
>         file "zones/mydomain.com";
>         allow-query { any; };
> };
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
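
One way to check a named.conf for the two settings recommended in the message above, as an added example that is not part of the original e-mail and is not BIND's own tooling. The function names are hypothetical, and the sample configurations and 192.0.2.x addresses are constructed.

```python
import re

# Constructed sample inputs; 192.0.2.x are documentation placeholder addresses.
HARDENED = '''options {
    version "none.of.your.business";
    listen-on { localhost; 192.0.2.10; };
    allow-recursion { localhost; 192.0.2.0/24; };
};'''
WEAK = '''options {
    allow-recursion { any; };  /* open to everyone; no version override */
};'''

# Comments are matched first so they can be discarded; quoted strings stay whole.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)
def tokens(text):
    return [t for t in TOKEN.findall(text) if not t.startswith(('/*', '//', '#'))]

def parse_block(toks, i=0):
    """Return (statements, next_index); a nested { } becomes a nested list."""
    stmts, cur = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == '{':
            inner, i = parse_block(toks, i)
            cur.append(inner)
        elif t == '}':
            break
        elif t == ';':
            stmts.append(cur)
            cur = []
        else:
            cur.append(t.strip('"'))
    return [s for s in stmts if s], i

def audit_options(conf_text):
    """List findings for the "version" and "allow-recursion" options."""
    opts = {}
    for stmt in parse_block(tokens(conf_text))[0]:
        if stmt[0] == 'options' and isinstance(stmt[-1], list):
            opts = {o[0]: o[1:] for o in stmt[-1]}
    findings = []
    if 'version' not in opts:
        findings.append('version: not set, so version.bind is answered with the real version string')
    acl = opts.get('allow-recursion')
    if not acl or not isinstance(acl[0], list):
        findings.append('allow-recursion: no address list set in this file')
    elif any(m[0] == 'any' for m in acl[0]):
        findings.append('allow-recursion: list contains "any"')
    return findings
```

Calling `audit_options(open("/etc/namedb/named.conf").read())` returns an empty list when both options are set and the recursion list does not include `any`.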