Denying AXFR on Freebsd
Markus Heimhilcher
markus.heimhilcher at univie.ac.at
Tue May 10 14:49:42 UTC 2005
Hello,
I have problems denying AXFRs with nsd.
This topic has been discussed here once, but the solutions don't work
for me.
I am using nsd 2.3 compiled with --with-libwrap on Freebsd 5.3.
I tried all variations of deny statemens in hosts.allow / hosts.deny like:
hosts.allow:
axfr: ALL : deny
axfr-zone.: ALL : deny
or
hosts.deny:
axfr: ALL
axfr-zone.: ALL
or
hosts.allow:
ALL : ALL : deny
When testing the tcp wrapper rules with tcpdmatch everything seems ok.
The nsd log is also very quiet about AXFRs taking place.
The only working option to deny AXFRs is to compile nsd without AXFR
support.
Could this be a bug of nsd on this platform?
Besides, when will there be the possibility to configure the AXFR
permissions in a seperate file?
According to Bugzilla this feature should already be included in the 2.3
release of nsd.
Regards,
Markus
More information about the nsd-users
mailing list