The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Article Feedback - What version of bind are you running?
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 dig axfr
Author: Barry Murphy 
Date:   31-08-02 05:55

I prefer the dig @dns.server domain.com axfr for domain listing.
Reply To This Message
 
 Re: dig axfr
Author: Mike Hoskins 
Date:   29-01-03 08:33


Yes, I prefer dig as well. Either way will work only if the nameserver you query allows transfers. This is controlled in BIND 8 & 9 with the allow-query { a.b.c.d; ...; }; option block.
Reply To This Message
 
 Re: dig axfr
Author: Great Lakes 
Date:   16-09-03 14:45

the ls -d zone file listing is only allowed if zone transfers are allowed. To further restrict this time of informaiton leaking out, TCP port 53 can be filtered from all but trsuted DNS secondaries. ls -d's run against a domain will result in a server timeout, confounding anyone attempting to get a full listing of all the machines in your network. Leaving UDP 53 open will still allow individual queries for hostname resolution.
Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org


Servers and bandwidth provided by New York Internet, SuperNews, and RootBSD. Valid CSS and RSS.
Copyright © 1997-2012 DVL Software Ltd.
All rights reserved.