Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th July 2010, 17:53
Agent_M Agent_M is offline
Junior Member
 
Join Date: Jul 2010
Location: Perth, Australia
Posts: 29
Thanks: 5
Thanked 3 Times in 3 Posts
Default How do I disable zone transfers in BIND

Hi all,

First the setup:
ISPConfig 3.0.2.2 ( with BIND, not mydns )
Ubuntu 10.04 64bit
Server is a VM
Only 1 server at the moment ( although am playing around with a 2nd as a sec dns, but will leave the problems I've got with that one until I've reloaded everything )

Have set everything up on the one server, seems to work great except 2 areas I am not sure about ( I'll post the second separately as it relates to firewall and not DNS ).

1. From what I understand its not a good thing to allow zone transfers, is this correct?

2. Zone transfers seem to be enabled by default ( Bind ), how do I disable this?

3. In the "DNS Zone" setup page there are 2 settings one called "Allow zone transfers to these IPs" and the other "Also Notify", now reading through the forums apparently these are for MyDNS and Not BIND? is this still true? ( I only ask because putting an entry in here does seem to add it to the zone file ).

4. If I add an IP in "Allow zone transfers to these IPs" it does disable zone transfers ( presumably to all except the IP listed ). Is this how I disable zone transfers, or is there another way that will disable it for all zones?

5. If I have to do it one by one ( by entering "none" or something in this field, what can I add to the DNS Zone Template to do this automatically.

Cheers for you help in advance.



Also the Perfect Server set up guide was brilliant!!!

I notice though that there doesn't seem to be a user guide that explains some of the settings, what they do or what they are for, and what you should enter etc. Rather than winge or bitch about it though, if there are any plans or desires to make one ( either pdf or maybe a help section within ispconfig3 control panel ), then I would be happy to give some time helping to write them ( although I may need some clarification myself on what some of them do ).

Please let me know, have only recently come across this project, and although I'm not a programmer myself ( although could manage some basic html help pages ), I would be happy to contribute towards it in other ways if there's a need.
Reply With Quote
Sponsored Links
  #2  
Old 10th July 2010, 12:59
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,389 Times in 4,234 Posts
Default

In named.conf file within the "options" section add:

Code:
allow-transfer {"none";};
to disable all zone transfers.

Regarding the user manual. Would be great if you might be able to help us to write one.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 10th July 2010, 14:40
Agent_M Agent_M is offline
Junior Member
 
Join Date: Jul 2010
Location: Perth, Australia
Posts: 29
Thanks: 5
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till View Post
In named.conf file within the "options" section add:

Code:
allow-transfer {"none";};
to disable all zone transfers.
Thanks Till,

My "named.conf" file actually only looks like this:

Code:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

So added it to the "named.conf.options" instead.

Code:
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        allow-transfer {"none";};
};
Works a treat Cheers.


Just going back quickly to point 3 in my original post, I'm sure I've read on the forums that this was for Mydns and not Bind, but I've played about with it a bit, and it appears as if it works for bind to?, and if set can override the setting above in the "named.conf.options" file for a particular zone. So am I right in thinking its ok to use it for Bind if needed?



Quote:
Originally Posted by till View Post
Regarding the user manual. Would be great if you might be able to help us to write one.
Cool, no Probs.
I'm assuming nothings been started yet?
If so I'll start it in a basic html pages, and create the structure first. Perhaps it could be a subfolder of the ispconfig site, a link could then be added to the help page in ispconfig?
I'll write the pages for the areas that I know about first, and then will get some clarification on the areas I'm unsure about.
__________________
If it ain't broke, then take it apart to see what makes it so bloody special!!!
Reply With Quote
  #4  
Old 10th July 2010, 14:53
Agent_M Agent_M is offline
Junior Member
 
Join Date: Jul 2010
Location: Perth, Australia
Posts: 29
Thanks: 5
Thanked 3 Times in 3 Posts
Default

also should "auth-nxdomain no;" be set to yes?
__________________
If it ain't broke, then take it apart to see what makes it so bloody special!!!
Reply With Quote
  #5  
Old 11th July 2010, 16:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,389 Times in 4,234 Posts
Default

Quote:
Just going back quickly to point 3 in my original post, I'm sure I've read on the forums that this was for Mydns and not Bind, but I've played about with it a bit, and it appears as if it works for bind to?, and if set can override the setting above in the "named.conf.options" file for a particular zone. So am I right in thinking its ok to use it for Bind if needed?
This hs been added in ispconfig 3.0.2.2

Quote:
I'm assuming nothings been started yet?
If so I'll start it in a basic html pages, and create the structure first. Perhaps it could be a subfolder of the ispconfig site, a link could then be added to the help page in ispconfig?
I will setup a cms system for the documentation which makes it easier to edit the pages and upload screenshots etc.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
Agent_M (11th July 2010)
  #6  
Old 11th July 2010, 16:53
Agent_M Agent_M is offline
Junior Member
 
Join Date: Jul 2010
Location: Perth, Australia
Posts: 29
Thanks: 5
Thanked 3 Times in 3 Posts
 
Default

Cool..thanks...to both points ^
__________________
If it ain't broke, then take it apart to see what makes it so bloody special!!!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fedora 13 BIND Server wont start. ev0css Installation/Configuration 1 23rd June 2010 22:16
HELP DNS and DHCP I AM LOST krisarmstrong Server Operation 0 18th August 2009 23:27
DNS Zone Transfer not complete. joelee HOWTO-Related Questions 3 19th August 2007 14:55
dns server error Hellbound General 7 2nd August 2007 09:18
Bind-Chroot-Howto (Debian) spaz HOWTO-Related Questions 5 9th March 2006 14:50


All times are GMT +2. The time now is 08:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.