Michael,
The more I think I know, the more I realize that I need to learn... :-)
Thanks
Gustav
"Michael H. Warfield" wrote:
<snip>
> On Sun, Feb 04, 2001 at 09:53:48PM +0100, Gustav Schaffter wrote:
> In Bind 8.x and Bind 9.x you restrict who can request a zone
> transfer with the "allow-transfer" stanza in the configuration file.
>
> Here's an example from the O'Reilly Book "DNS and BIND" (3rd ed,
> p 252):
>
> zone "acmebw.com" {
>     type master;
>     file "db.acmebw";
>     allow-transfer {
>         192.168.0.1;
>         192.168.1.1;
>     };
> };
>
> > If I understand your reasoning I should probably accept all incoming udp
> > from port 53 to any unprivileged port, no matter what the source address
> > is?
>
> Probably. You can also set up your name servers to be "forwarding
> only". That way they will ONLY ever talk to their forwarding servers and
> never try to contact other name servers on their own. That's described on
> page 246 of the same book above. You would use something like this:
>
> options {
>     forwarders {
>         192.249.249.1;
>         192.249.249.3;
>     };
>     forward only;
> };
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
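
An added example, not part of the original thread or of BIND itself: a small audit that reads a named.conf and lists the master and slave zones that any host could transfer, either because no "allow-transfer" applies or because it contains "any". It assumes the BIND 8 / early BIND 9 default in which a missing "allow-transfer" permits every host, uses a simplified parser (no include files or views), and all zone names other than acmebw.com are constructed.

```python
import re

# Constructed sample named.conf. Only the acmebw.com zone mirrors the quoted
# example; every other name and address here is made up for the demonstration.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "acmebw.com" {
    type master;
    file "db.acmebw";
    allow-transfer { 192.168.0.1; 192.168.1.1; };
};
zone "open.example" { type master; file "db.open"; };   // no ACL at all
zone "any.example" { type master; file "db.any"; allow-transfer { any; }; };
zone "sec.example" { type slave; masters { 192.168.0.1; }; file "bak.sec"; };
'''

ACL_RE = re.compile(r'\ballow-transfer\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    pat = re.compile(r'\b%s\b\s*(?:"([^"]*)")?[^{;]*\{' % re.escape(keyword))
    for m in pat.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return [(zone, reason)] for zones any host could transfer."""
    conf = strip_comments(conf)
    global_acl = any(ACL_RE.search(b) for _, b in blocks(conf, 'options'))
    findings = []
    for name, body in blocks(conf, 'zone'):
        if not re.search(r'\btype\s+(master|slave)\s*;', body):
            continue                        # hint/forward zones hold no data
        acl = ACL_RE.search(body)
        if acl is None and not global_acl:
            findings.append((name, 'missing'))   # assumed default: any host
        elif acl and re.search(r'\bany\b', acl.group(1)):
            findings.append((name, 'any'))
    return findings

if __name__ == '__main__':
    for zone, reason in audit(SAMPLE_CONF):
        print(f'{zone}: allow-transfer {reason}')
```

A zone-level "allow-transfer" overrides one set in "options", which is why any.example is still reported when a global ACL is present.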