Comments on: Restricting zone transfers with IP addresses in BIND DNS Server http://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Fri, 10 Feb 2012 20:37:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: äijöhttp://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-146475 äijö Sun, 28 Dec 2008 18:26:49 +0000 http://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-146475 Ulrich: are you able to recognize authorative and resolve DNS server? You cannot run both on this same IP address, so if you need authorative server for your domains, you should restrict zone transfers only to slaves. If it's necessary to having resolver in local network, run it on local address. Ulrich: are you able to recognize authorative and resolve DNS server? You cannot run both on this same IP address, so if you need authorative server for your domains, you should restrict zone transfers only to slaves. If it’s necessary to having resolver in local network, run it on local address.

]]> By: vivekhttp://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-141415 vivek Tue, 16 Oct 2007 12:36:53 +0000 http://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-141415 Yes this information is publicly available through BIND server, there is no reason to make an attacker's life easier. There is no legitimate reason for anyone outside your organization to transfer your zones in bulk. Yes this information is publicly available through BIND server, there is no reason to make an attacker’s life easier. There is no legitimate reason for anyone outside your organization to transfer your zones in bulk.

]]> By: Ulrich Wisserhttp://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-141414 Ulrich Wisser Tue, 16 Oct 2007 11:36:23 +0000 http://www.cyberciti.biz/tips/howto-restrict-unauthorized-zone-transfers-dns-bind.html#comment-141414 Hi, why would you like to restrict your zone transfer? You will allow any resolver to ask for the same data, but you won't allow a transfer? I suggest you put only public data in your zone file and don't care about the zone transfer. If you have to have private data in a zone file, set up an internal DNS master (or use split DNS) with a private zone file and restrict access for resolvers and zone transfer. Ulrich Hi,

why would you like to restrict your zone transfer? You will allow any resolver to ask for the same data, but you won’t allow a transfer? I suggest you put only public data in your zone file and don’t care about the zone transfer. If you have to have private data in a zone file, set up an internal DNS master (or use split DNS) with a private zone file and restrict access for resolvers and zone transfer.

Ulrich

]]>