Fridtjof Busse fbusse at
Wed Nov 12 15:13:00 UTC 2003

I'd like to restrict AXFR access.
According to the documentation, this is done via tcp_wrappers.
So I compiled nsd with "--with-libwrap", but even if I set "axfr : ALL : 
deny" in /etc/hosts.deny, it allows AXFR-access.
Only if I explicitly set "axfr-zone.tld. : ALL : deny" in hosts.deny, 
access gets restricted.
But I'd like to block all access in hosts.deny and only allow access to 
all zones via hosts.allow to one host (secondary), no zone-specific 
configuration (so I don't have to add another rule to hosts.allow every 
time I create a new zone).
Any way to do that?
Fridtjof Busse

More information about the nsd-users mailing list