If memory serves... AXFR is a zone transfer. So, at your firewall, you would want to only allow TCP queries from your backup (secondary, trinary, etc.) DNS servers (on the outside of your firewall) and limit everyone else to UDP queries. And for your bind9 config, something like this:

    allow-transfer { backup.dns1.host.blah; backup.dns2.host.blah; localhost; };

just my $0.02

--jimm

> -----Original Message-----
> From: LeVA [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 28, 2004 12:44 PM
> To: Debian-Security
> Subject: blocking AXFR record query
>
> Hi!
>
> Could anyone tell me how I could deny the AXFR record query on my bind
> server? I'm looking for some global variable, not specifying
> per-address.
>
> Thanks!
>
> Daniel
>
> --
> LeVA
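
The global setting the original question asks for, as an added example that is not part of either message: BIND's `allow-transfer` can be set once in `options` as the default for every zone and then overridden per zone. The ACL name, addresses, zone name and file paths below are constructed placeholders.

```conf
// Constructed example; addresses come from documentation ranges.
// Address match lists take IP addresses, prefixes, ACL names or TSIG keys.
acl "secondaries" {
    192.0.2.53;       // placeholder for the first backup DNS server
    198.51.100.53;    // placeholder for the second backup DNS server
};

options {
    directory "/var/cache/bind";
    // Global default: refuse AXFR for every zone that does not override it.
    allow-transfer { none; };
};

zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
    // Per-zone override: only the listed secondaries and this host may transfer.
    allow-transfer { secondaries; localhost; };
};
```

Run `named-checkconf` before reloading, then confirm from a host outside the ACL that `dig @<server> example.org AXFR` reports "Transfer failed."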