Archive for August 31st, 2011

Preventing DNS Zone Transfers using ACLs in named.conf

August 31st, 2011

DNS servers can be attacked using various techniques including:

  • DNS spoofing
  • Cache poisoning
  • Registration hijacking

One of the simplest ways to defend is to strictly limit zone transfers between nameservers by defining an ACL. Many system administrators allow BIND to transfer zones in bulk outside of their network or organisation. This is an attack vector. You can prevent this by using ACLs: Read more…
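The following named.conf sketch is an added example, not taken from the original post. It contrasts an open transfer policy with an ACL-restricted one. The ACL name, zone name, file path and addresses (documentation ranges) are assumptions.

```conf
// Named ACL listing the only hosts allowed to pull full zones (AXFR/IXFR).
// Addresses are placeholders from the documentation ranges.
acl "xfer-secondaries" {
    192.0.2.53;        // secondary nameserver (assumed)
    2001:db8::53;      // same secondary over IPv6 (assumed)
};

options {
    directory "/var/named";

    // Weak: hands the complete zone to anyone who asks.
    // If allow-transfer is omitted, many BIND 9 releases behave this way.
    // allow-transfer { any; };

    // Corrected: deny transfers globally, then open them per zone.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "db.example.com";

    // Only hosts in the ACL may transfer this zone.
    allow-transfer { "xfer-secondaries"; };
};
```

Run `named-checkconf` before reloading to catch syntax errors. To confirm the restriction on your own server, request `dig @<your-nameserver> example.com AXFR` from a host outside the ACL; the transfer should be refused.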

Categories: DNS and BIND, linux