Vulnerability Development mailing list archives

Re: Possible DOS in Bind 8.2.2-P5


From: Paul Pot <paul_pot () NL SONYMUSIC COM>
Date: Tue, 14 Nov 2000 08:57:15 +0100

Joseph,

Use the allow-transfer statements in named.conf like
(all your internal DNS servers or just localhost)

hth
paul
*speaking for himself

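// Hosts allowed to pull zone transfers; w.x.y.x and x.y.w.z stand in for
// the addresses of your internal DNS servers.
acl local_dns {
        localhost;
        w.x.y.x;  x.y.w.z;
};

zone "whatever.zone.com" in {
        type master;
        file "whatever.db";
        // Refuse zone transfer requests from any host not in local_dns.
        allow-transfer { local_dns; };
};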

-----------------------
[snip]
In neither of these situations did I find any problems after 10 minutes.

If you have other ways you would like me to try running the daemon, let
me know.

Also, I am rather new at bind. How might I go about denying *XFR's from
all but approved hosts?

Thank You

Joseph
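
Added example, not part of the original posts: a small audit that reads a named.conf and lists the master zones that any host could still transfer, either because no allow-transfer applies to them (BIND 8 then allows transfers to all hosts) or because the list contains "any". The zone names, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample named.conf; zone names and addresses are placeholders.
SAMPLE_CONF = '''
acl local_dns { localhost; 192.0.2.10; };
options { directory "/var/named"; };
zone "restricted.example" in { type master; allow-transfer { local_dns; }; };
zone "open.example" in { type master; file "open.db"; };  // no restriction
zone "any.example" { type master; file "any.db"; allow-transfer { any; }; };
'''

def strip_comments(text):
    # Drops /* */, // and # comments (assumes no quoted string contains them).
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, start):
    """Return the body of the brace block whose '{' is at index start."""
    depth = 0
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Return the allow-transfer element list in body, or None if absent."""
    m = re.search(r'\ballow-transfer\s*\{', body)
    if not m:
        return None
    return [e.strip() for e in block_after(body, m.end() - 1).split(';') if e.strip()]

def audit(conf):
    """Map each master zone that any host may transfer to the reason why."""
    text = strip_comments(conf)
    opt = re.search(r'\boptions\s*\{', text)
    # An allow-transfer in the options block is the default for every zone.
    default = transfer_acl(block_after(text, opt.end() - 1)) if opt else None
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        body = block_after(text, m.end() - 1)
        if not re.search(r'\btype\s+master\b', body):
            continue
        acl = transfer_acl(body)
        acl = default if acl is None else acl
        if acl is None:
            findings[m.group(1)] = "no allow-transfer set"
        elif "any" in acl:
            findings[m.group(1)] = "allow-transfer includes any"
    return findings
```

Call audit(open("/etc/named.conf").read()) with the path your server actually uses; files pulled in with include statements are not followed and have to be checked separately.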

