Denying AXFR
Marc Groeneweg
Marc.Groeneweg at sidn.nl
Tue Feb 15 06:32:06 UTC 2005
Wesley,
> I'm trying to get NSD to deny AXFRs for the zones its
> serving. I'm compiling
> --with-libwrap (although I think that's unnecessary as it
> looks like the
> default is to go ahead and link with libwrap). This is with 2.2.0.
SNAP
>
> Here is what I've tried:
>
> /etc/hosts.allow:
> axfr : ALL : deny
SNAP
>
> But nothing works. Anybody have a working example of denying
> all AXFRs?
We have the following line in /etc/hosts.deny on a Debian Linux system:
/etc/hosts.deny:
axfr: ALL
axfr-nl.: ALL
In the file /etc/hosts.allow we have exceptions for this rule like:
/etc/hosts.allow:
axfr: 10.0.0.1
Hope this will help you.
Regards,
Marc
More information about the nsd-users
mailing list