Date:      Tue, 30 Jan 2001 19:56:13 -0800 (PST)
From:      Roger Marquis <marquis@roble.com>
To:        security@FreeBSD.ORG
Subject:   Re: Bind: unapproved query (version.bind) Script kiddies?
Message-ID:  <Pine.BSF.4.21.0101301947460.11515-100000@roble.com>
In-Reply-To: <bulk.28447.20010130192801@hub.freebsd.org>

David La Croix <dlacroix@cowpie.acm.vt.edu> wrote:
> It's not so much blocking queries to version.bind, so much as refusing to 
> answer queries to an untrusted host, about domains it does not host.

Alternately, you could define the "allow-recursion" and "version"
options:

  options {
    directory "/etc/namedb";
    version "none.of.your.business";
    pid-file "/var/run/named.pid";
    listen-on { localhost; YOUR_IP; };
    query-source address YOUR_IP port 53;
    transfer-source YOUR_IP;
    allow-recursion { localhost; YOUR_SUBNET; };
  };

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/


> options {
>         directory "/etc/namedb";
>         allow-query { 
>                 127.0.0.1;
>                 localnets; 
>         };
>         allow-transfer { 
>                 0.0.0.0;  /* IPs changed */
>                 0.0.0.0;  /* secondary DNS servers */
>         };
>         forwarders {
>                0.0.0.0; 0.0.0.0;
>         };
> };
> 
> and then further down all my zone definitions look like:
> 
> zone "mydomain.com" {
>         type master;
>         file "zones/mydomain.com";
>         allow-query { any; };
> };
> 
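
An added example, not part of the original message or of BIND itself: a small Python check that parses a named.conf and reports whether the two measures discussed in this thread (an overridden "version" string, and recursion or queries limited to trusted hosts) are in place. The function names, the sample addresses, and the rule that an unset list means "any" are assumptions of this example; newer BIND releases may default to a narrower list.

```python
import re

# Constructed sample: options like those in the message, placeholder addresses.
SAMPLE = '''
options {
    version "none.of.your.business";   // hides the real version string
    allow-recursion { localhost; 192.0.2.0/24; };
};
zone "mydomain.com" { type master; allow-query { any; }; };
'''

def tokenize(text):
    # Drop /* */, // and # comments, then split into strings, braces, words.
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', ' ', text, flags=re.S)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse(tokens):
    # tokens: iterator. A statement is a list of words and nested blocks.
    stmts, cur = [], []
    for tok in tokens:
        if tok == '{':
            cur.append(parse(tokens))
        elif tok == '}':
            break
        elif tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts

def block(stmts, name):
    # Nested block of the first statement called `name`, or None if absent.
    for s in stmts:
        if s[0] == name and isinstance(s[-1], list):
            return s[-1]
    return None

def audit(conf):
    opts = block(parse(iter(tokenize(conf))), 'options') or []
    findings = []
    if not any(s[0] == 'version' for s in opts):
        findings.append('version string not overridden')
    # Assumption: an unset ACL means "any", as in the BIND of this thread.
    acls = [block(opts, n) for n in ('allow-recursion', 'allow-query')]
    if all(a is None or ['any'] in a for a in acls):
        findings.append('recursion open to any host')
    return findings
```

Only the global options block is examined, so a zone-level "allow-query { any; }" on an authoritative zone is not reported.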


