Web lists-archives.com

Re: [Samba] I can't deny zone transfer when using bind as DNS backend

Well, I'm using Samba 4.7.4 DC and bind 9.10.3 as DNS back end. I have a zone called mydomain.cu into Samba where are placed our workstations and servers records. This is my configuration.

I want to prevent zone transfer attacks to this zone by restricting the hosts that could do it. I tried the allow-transfer {"none";}; in the named.conf.options file but It doesn't work.

How can I prevent zone transfer in this type of zone ?

El 13/02/18 a las 16:14, Rowland Penny via samba escribió:
On Tue, 13 Feb 2018 15:50:11 -0500
Denis Morejon via samba <samba@xxxxxxxxxxxxxxx> wrote:

It doesn't work for me. I put allow-transfer {"none";}; in
named.conf.options. Reload the bind9 service.  but I can not avoid
the zone transfer to the Active Directory Integrated Zone !

I use Samba 4.7.4 (From Source) and BIND 9.10.3-P4-Debian (Debian 9)

This configuration works well on standard zones but not on DLZ
(Samba) Zones.
I think you are going to have to explain what you are trying to do, it
sounds like you are trying to stop bind using the dns info in AD.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba