If memory serves, AXFR is a zone transfer. So, at your firewall, you would
want to only allow TCP queries from your backup (secondary,
tertiary, etc.) DNS servers (on the outside of your firewall) and limit
everyone else to UDP queries. And for your bind9 config, something like
this:

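allow-transfer {
    // address match lists take IP addresses, ACL names or keys, not
    // hostnames; the 192.0.2.x values are placeholders for the real IPs
    192.0.2.1;    // backup.dns1.host.blah
    192.0.2.2;    // backup.dns2.host.blah
    localhost;
};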



just my $0.02
--jimm



> -----Original Message-----
> From: LeVA [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 28, 2004 12:44 PM
> To: Debian-Security
> Subject: blocking AXFR record query
>
>
> Hi!
>
> Could anyone tell me how I could deny the AXFR record query on my bind
> server? I'm looking for some global variable, not specifying
> per-address.
>
> Thanks!
>
> Daniel
>
> --
> LeVA
>
>
