Web lists-archives.com

Re: [Samba] I can't deny zone transfer when using bind as DNS backend




Well, I'm using Samba 4.7.4 DC and bind 9.10.3 as DNS back end. I have a zone called mydomain.cu into Samba where are placed our workstations and servers records. This is my configuration.

I want to prevent zone transfer attacks to this zone by restricting the hosts that could do it. I tried the allow-transfer {"none";}; in the named.conf.options file but It doesn't work.

How can I prevent zone transfer in this type of zone ?






El 13/02/18 a las 16:14, Rowland Penny via samba escribió:
On Tue, 13 Feb 2018 15:50:11 -0500
Denis Morejon via samba <samba@xxxxxxxxxxxxxxx> wrote:

It doesn't work for me. I put allow-transfer {"none";}; in
named.conf.options. Reload the bind9 service.  but I can not avoid
the zone transfer to the Active Directory Integrated Zone !

I use Samba 4.7.4 (From Source) and BIND 9.10.3-P4-Debian (Debian 9)

This configuration works well on standard zones but not on DLZ
(Samba) Zones.
I think you are going to have to explain what you are trying to do, it
sounds like you are trying to stop bind using the dns info in AD.

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba