[Samba] I can't deny zone transfer when using bind as DNS backend
Denis Morejon
denis.morejon at etecsa.cu
Tue Feb 13 21:30:48 UTC 2018
Well, I'm using Samba 4.7.4 DC and bind 9.10.3 as DNS back end. I have a
zone called mydomain.cu into Samba where are placed our workstations and
servers records. This is my configuration.
I want to prevent zone transfer attacks to this zone by restricting the
hosts that could do it. I tried the allow-transfer {"none";}; in the
named.conf.options file but It doesn't work.
How can I prevent zone transfer in this type of zone ?
El 13/02/18 a las 16:14, Rowland Penny via samba escribió:
> On Tue, 13 Feb 2018 15:50:11 -0500
> Denis Morejon via samba <samba at lists.samba.org> wrote:
>
>> It doesn't work for me. I put allow-transfer {"none";}; in
>> named.conf.options. Reload the bind9 service. but I can not avoid
>> the zone transfer to the Active Directory Integrated Zone !
>>
>> I use Samba 4.7.4 (From Source) and BIND 9.10.3-P4-Debian (Debian 9)
>>
>> This configuration works well on standard zones but not on DLZ
>> (Samba) Zones.
> I think you are going to have to explain what you are trying to do, it
> sounds like you are trying to stop bind using the dns info in AD.
>
> Rowland
>
More information about the samba
mailing list