Denying AXFR on Freebsd

Markus Heimhilcher markus.heimhilcher at univie.ac.at
Tue May 10 14:49:42 UTC 2005


Hello,

I have problems denying AXFRs with nsd.
This topic has been discussed here once, but the solutions don't work 
for me.

I am using nsd 2.3 compiled with --with-libwrap on Freebsd 5.3.
I tried all variations of deny statemens in hosts.allow / hosts.deny like:

hosts.allow:
axfr: ALL : deny
axfr-zone.: ALL : deny

or

hosts.deny:
axfr: ALL
axfr-zone.: ALL

or

hosts.allow:
ALL : ALL : deny

When testing the tcp wrapper rules with tcpdmatch everything seems ok.
The nsd log is also very quiet about AXFRs taking place.
The only working option to deny AXFRs is to compile nsd without AXFR 
support.
Could this be a bug of nsd on this platform?

Besides, when will there be the possibility to configure the AXFR 
permissions in a seperate file?
According to Bugzilla this feature should already be included in the 2.3 
release of nsd.


Regards,
    Markus



More information about the nsd-users mailing list