Holger Honert wrote:
Security issues!

Usually you only want *trusted* clients to use your server recursively.

And you don't really want to allow *any* to fetch your hosted zones to do something bad, i.e. getting (unwanted!) info about your network and infrastructure.
If the infos are public, they're public, the only difference is that zone transfers are a more efficient way of fetching more than about 2 or 3 records in a single transaction, compared to querying each one individually.

If you want your network and infrastructure infos to be private, then put them in a private zone that can't be queried from the Internet at all.

- Kevin

Regards

Holger


Jukka Pakkanen wrote:
Sorry, but could you specify more accurately what is "bad"? This is
my first bind configuration, so probably I've made some mistakes, but
I'd like to do it the right way in the end. :)

On Tue, Nov 10, 2009 at 11:19 PM, Laurent CARON <lca...@lncsa.com> wrote:
    allow-recursion { any; };
bad

    allow-transfer { any; };
bad


It's usually a bad idea to allow "any" to use your server recursively, or allow "any" to transfer zone data. Like an "open dns-server".




_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
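
The two settings flagged as "bad" in this thread, shown next to a restricted form. This named.conf fragment is an added example, not configuration posted by anyone in the thread; the ACL names, the addresses (documentation ranges), the zone name and the file name are all constructed placeholders.

```conf
// Added example: restricting recursion and zone transfers in named.conf.
// All names and addresses below are constructed placeholders.

// Clients that may use this server as a recursive resolver.
acl "trusted" {
    localhost;          // built-in ACL: the server's own addresses
    localnets;          // built-in ACL: directly attached networks
    192.0.2.0/24;       // placeholder for an internal client network
};

// Secondary name servers that may pull full copies of hosted zones.
acl "secondaries" {
    198.51.100.53;      // placeholder for a secondary's address
};

options {
    // Weak form discussed in the thread:
    //   allow-recursion { any; };
    //   allow-transfer  { any; };

    recursion yes;
    allow-recursion   { trusted; };   // only trusted clients recurse
    allow-query-cache { trusted; };   // cached answers follow the same rule
    allow-transfer    { none; };      // default deny; opened per zone below
};

// A public authoritative zone: anyone may query individual records,
// but only the listed secondaries may transfer the whole zone.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query    { any; };
    allow-transfer { secondaries; };
};
```

Running `named-checkconf` on the edited file checks the syntax before the server is reloaded.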



