[SUMMARY] Hiding domain from 'nslookup ls -d'

From: Rick von Richter (rickv@mwh.com)
Date: Thu Apr 13 2000 - 17:08:09 CDT

Another one of those 'just didn't dig deep enough into the docs' problems.

Thanks to;
Padraig Houlahan
Gabriel Rosenkoetter
James Ford

For BIND 4.9.x (which is Solaris 2.6 and less)

use the xfrnets directive in the named.boot file. Example;

        xfrnets 156.125.0.0 205.169.32.0 158.152.24.2&255.255.255.255

This will allow zone transfers from the class B net 156.125, the Class C
net 205.169.32 and the HOST 158.152.25.2 only.

For BIND 8

use the allow-transfer directive. Example;

        allow-transfer {
                1.2.3.4; # secondary DNS
                5.6.7.8; # another trusted machine
        };

---------
Original Question:

When you go into nslookup you can run the command: ls -d <domain> and
possible get a full dump of that domain table. I have done this to some
domains and I get blocked.

How do I set up Bind to not show my domain if someone does this to me.

Solaris 2.6

I'm not sure how to get the Bind version unless I do a reboot but it is the
standard one that comes on 2.6.

-----
BTW, to find out which version of BIND you are running, do the following;

# /usr/ccs/bin/what /usr/sbin/in.named

  Or, use strings on the in.named binary if SUNWsprot is not loaded:

  # /usr/bin/strings /usr/sbin/in.named |grep "named "

  Sun Supported versions will display as follows:

   Solaris 7

    @(#)in.named BIND 8.1.2 Tue Nov 10 18:16 1998 Generic
107018-5.7-September
  1998

   Solaris 2.6

    named 4.9.4-P1

   Solaris 2.5.1

    named 4.9.3-P1

  To determine the package, check the installation contents log

   # grep /usr/sbin/in.named /var/sadm/install/contents
   /usr/sbin/in.named f none 0555 bin bin 268396 3835 913658918 SUNWcsu

  To get pkg revision details:
   # showrev -c /usr/sbin/in.named 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Rick von Richter Systems/Network Supervisor       Voice: 858-552-6222
  rickv@mwh.com    Maintenance Warehouse/Home Depot   Fax: 858-552-6213
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  The box says: Win98, WinNT or BETTER. That's why I installed Linux.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:06 CDT