Varun Varma wrote:
Oh yes, I am aware of the CERT Vulnerability Note VU#715973
http://www.kb.cert.org/vuls/id/715973
Forget the zxfr bug .. repeated AXFRs will do something really interesting to your bandwidth bills. Especially when your zones grow larger (we've got a few zones on some of our domains that are being served - on djbdns - that are more than 4 megs large).
If you read my post, you would see that our zones are not much larger than what is returned by an ANY RR query.
A couple of zones not only have an allow-transfer restriction but also an allow-query clause, since it's nobody's business to look at those domains.
We run BIND 9.2 and plan to use transfers-out as and when it becomes functional.
We get a daily report of the number of zone transfers in a day and if it becomes an abuse problem, obviously the policy would be looked into.
As for a case where you run the master and want to provide easy slave dns for your clients. Considered making zonefiles available over rsync or even ftp?
That assumes that the zone file format would be the same across DNS servers or that the clients are running the same DNS server as us. I have no clue what some clients run/plan to run. What if someone uses *shudder* a Microsoft DNS Server?
--
Regards,
Varun Varma
---------------------------------------
Mindframe Software & Services Pvt. Ltd.
http://www.mindsw.com
---------------------------------------
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
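The daily zone-transfer report mentioned in the message could be produced along these lines. This is an added example, not part of the original post or of BIND itself; the log line layout (BIND 9 style xfer-out and denial messages), the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, written in the style of BIND 9 transfer logging.
SAMPLE_LOG = """\
12-Mar-2004 02:10:01.100 client 192.0.2.10#40112: transfer of 'example.com/IN': AXFR started
12-Mar-2004 02:10:03.900 client 192.0.2.10#40112: transfer of 'example.com/IN': AXFR ended
12-Mar-2004 03:15:44.000 client 198.51.100.7#51000: transfer of 'example.com/IN': AXFR started
12-Mar-2004 03:16:02.000 client 198.51.100.7#51001: transfer of 'example.com/IN': AXFR started
12-Mar-2004 03:16:20.000 client 198.51.100.7#51002: transfer of 'example.com/IN': AXFR started
12-Mar-2004 04:00:00.000 client 203.0.113.9#3333: zone transfer 'example.com/IN' denied
12-Mar-2004 04:00:05.000 client 203.0.113.9#3334: zone transfer 'example.com/AXFR/IN' denied
12-Mar-2004 04:01:00.000 client 203.0.113.9#3335: query: example.com IN ANY
"""

# Assumed layout: "<date> <time> client <addr>#<port>: <message>"
STARTED_RE = re.compile(
    r"^(\S+) \S+ client ([0-9a-fA-F.:]+)#\d+: "
    r"transfer of '([^'/]+)/IN': AXFR started")
DENIED_RE = re.compile(
    r"^(\S+) \S+ client ([0-9a-fA-F.:]+)#\d+: "
    r"zone transfer '([^'/]+)/(?:AXFR/)?IN' denied")


def daily_transfer_report(lines):
    """Count started and denied AXFRs per (day, client address, zone)."""
    started, denied = Counter(), Counter()
    for line in lines:
        m = STARTED_RE.match(line)
        if m:
            started[m.groups()] += 1
            continue
        m = DENIED_RE.match(line)
        if m:
            denied[m.groups()] += 1
    return started, denied


def over_threshold(counts, limit):
    """Return the (day, client, zone) keys seen more than `limit` times."""
    return sorted(key for key, n in counts.items() if n > limit)


if __name__ == "__main__":
    started, denied = daily_transfer_report(SAMPLE_LOG.splitlines())
    for key in over_threshold(started, 2):
        print("repeated AXFR:", key, started[key])
    for key, n in sorted(denied.items()):
        print("denied AXFR:", key, n)
```

Counting only the "started" message avoids double counting a transfer that also logs an "ended" line; denied attempts are tallied separately because they show who is probing zones covered by allow-transfer.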
