Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #88
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!news-out.readnews.com!transit3.readnews.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Aleksander Kurczyk <aleksanderkurczyk@o2.pl> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Securing zone transfer and DDNS |
| Date | Thu, 10 Nov 2011 17:19:05 +0100 |
| Lines | 56 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.48.1320941998.68562.bind-users@lists.isc.org> (permalink) |
| References | <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <32DD7227-7F82-4D63-A4BF-D038031CCB1A@isc.org> <85ecc83.4a6e4d68.4eb81652.18c6d@o2.pl> <20111107230426.1A07F16D8A25@drugs.dv.isc.org> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1320941998 13999 149.20.64.75 (10 Nov 2011 16:19:58 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@isc.org |
| Return-Path | <aleksanderkurczyk@o2.pl> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| In-Reply-To | <20111107230426.1A07F16D8A25@drugs.dv.isc.org> |
| X-Originator | 95.160.160.157 |
| X-Spam-Status | No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM, SARE_SUB_ENC_UTF8,T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:88 |
Show key headers only | View raw
Thanks everybody for the answers.
I have one more question - how can I block every update for every zone in options section using update-policy?
logging { ... };
options {
directory "/var/named";
dnssec-enable yes;
recursion yes;
allow-recursion { 127.0.0.1; };
allow-transfer { none; };
allow-update { none; }; <<<<<<<<<<<<<<<<
};
key "rndc-key" { ... };
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
key "transfer-key" { ... };
key "ddns-key" { ... };
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};
zone "my.zone" IN {
type master;
file "my.zone";
allow-transfer { key transfer-key; };
update-policy {
grant ddns-key zonesub ANY;
};
};
--
Pozdrawiam,
Aleksander Kurczyk
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Securing zone transfer and DDNS Aleksander Kurczyk <aleksanderkurczyk@o2.pl> - 2011-11-10 17:19 +0100
csiph-web