[Samba] I can't deny zone transfer when using bind as DNS backend

Denis Morejon denis.morejon at etecsa.cu
Tue Feb 13 21:30:48 UTC 2018

Well, I'm using Samba 4.7.4 DC and bind 9.10.3 as DNS back end. I have a 
zone called mydomain.cu into Samba where are placed our workstations and 
servers records. This is my configuration.

I want to prevent zone transfer attacks to this zone by restricting the 
hosts that could do it. I tried the allow-transfer {"none";}; in the 
named.conf.options file but It doesn't work.

How can I prevent zone transfer in this type of zone ?

El 13/02/18 a las 16:14, Rowland Penny via samba escribió:
> On Tue, 13 Feb 2018 15:50:11 -0500
> Denis Morejon via samba <samba at lists.samba.org> wrote:
>> It doesn't work for me. I put allow-transfer {"none";}; in
>> named.conf.options. Reload the bind9 service.  but I can not avoid
>> the zone transfer to the Active Directory Integrated Zone !
>> I use Samba 4.7.4 (From Source) and BIND 9.10.3-P4-Debian (Debian 9)
>> This configuration works well on standard zones but not on DLZ
>> (Samba) Zones.
> I think you are going to have to explain what you are trying to do, it
> sounds like you are trying to stop bind using the dns info in AD.
> Rowland

More information about the samba mailing list