By default, 'host -l anydomain' query allowed.
Some Site refused this query.
How can I set this?
sorry for bad english ^^
I think you should add a rule in your firewall:
Quote:
> By default, 'host -l anydomain' query allowed.
> Some Site refused this query.
> How can I set this?
allow-transfer { none; };
or
allow-transfer { your-secondary-dns-ip; };
From the named.conf man page.....
allow-transfer
    Specifies which hosts are allowed to receive zone transfers from the server. allow-transfer may also be specified in the zone statement, in which case it overrides the options allow-transfer statement. If not specified, the default is to allow transfers from all hosts.
Quote:> By default, 'host -l anydomain' query allowed.
> Some Site refused this query.
> How can I set this?
> sorry for bad english ^^
>i think you should add a regule in your firewall:
>ipchains -A input -i eth0 -s 0.0.0.0/0 -d <yourIP> 53 -p TCP -j REJECT
You'd be better off preventing unauthorized hosts from making
zone transfers. You do this by specifying an "allow-transfer" line in
the options{} section of your named.conf. E.g.:
options {
    allow-transfer { 127/8; 192.168.23/24; 192.168.24/24; };
    ...
};
Any hosts not explicitly allowed by the allow-transfer line will have
All the best,
Julian Midgley
--
Julian T. J. Midgley http://www.xenoclast.org
Cambridge, England. PGP Key ID: 0xBCC7863F
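An audit of the setting discussed in this thread, added here as an example and not code from any poster or from BIND: it reads a named.conf and reports, per zone, whether transfers are restricted, applying the override rule and the default from the man page text quoted above. The sample configuration and all function names are constructed; view blocks, include files and named ACLs are not resolved.

```python
import re

# Constructed sample named.conf, not taken from the thread.
SAMPLE_CONF = '''
options { directory "/var/named"; };   // no global allow-transfer
zone "example.com" { type master; file "example.com.db";
    allow-transfer { 192.0.2.53; }; };
zone "example.net" { type master; file "example.net.db"; };
zone "example.org" { type master; file "example.org.db";
    allow-transfer { any; }; };
'''

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text):
    """Yield (header, body) for each top-level `header { body }` statement."""
    pos = 0
    while (start := text.find('{', pos)) != -1:
        depth, i = 1, start + 1
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[pos:start].split(';')[-1].strip(), text[start + 1:i - 1]
        pos = i

def transfer_acl(body):
    """Return the allow-transfer entries in a block, or None if absent."""
    m = re.search(r'\ballow-transfer\s*\{([^{}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each zone to its effective transfer policy."""
    global_acl, zones = None, {}
    for header, body in blocks(strip_comments(conf)):
        if header == 'options':
            global_acl = transfer_acl(body)
        elif header.split()[:1] == ['zone']:
            zones[header.split()[1].strip('"')] = transfer_acl(body)
    report = {}
    for name, zone_acl in zones.items():
        # A zone-level allow-transfer overrides the one in options.
        acl = zone_acl if zone_acl is not None else global_acl
        if acl is None:   # default quoted in the thread: all hosts allowed
            report[name] = 'OPEN: no allow-transfer set'
        elif 'any' in acl:
            report[name] = 'OPEN: allow-transfer lists any'
        else:
            report[name] = 'restricted: ' + ' '.join(acl)
    return report

if __name__ == '__main__':
    for zone, verdict in audit(SAMPLE_CONF).items():
        print(f'{zone:15} {verdict}')
```

A zone reported as OPEN here is one that would answer the 'host -l' listing from the original question for any client.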
1. Compiling BIND(includes?)/named 'query refused'
I have two problems. In the process of trying to solve one, I found the
other.
Firstly, I am using named to serve names for two different domains. I
have a problem where an AXFR for one of the domains is refused, but the
other one is not: I cannot for the life of me figure out what is
different between these domains.
With nslookup I set my server to 'arraydev.com', and then do an 'ls
arraydev.com'. The information is transferred OK. When I do an 'ls
flora.ocunix.on.ca', it gives me a 'Query refused'. Both entries are in
my named.boot, and I am able to properly get addresses (set type=any, and
then type either domain - both give full information).
I figured that I would take a look and see if there was a compile-time
option for named which might affect this, so I grabbed BIND 4.9.3, from
tsx-11, and attempted to compile it. I received a large number of errors
that related to the include files and various conflicts - is there
something specific that I should be trying to do? Has someone
successfully compiled BIND, and would be willing to offer me some suggestions?
Thanks!
--
Russell McOrmond, Ottawa Ontario, Canada. Work: World Wide Web developer
Standard Disclaimer applies: I didn't do it, it was an accident!
Russell's Home Page: http://www.carleton.ca/~rmcormon/