Wesley,
I'm trying to get NSD to deny AXFRs for the zones its
serving. I'm compiling
--with-libwrap (although I think that's unnecessary as it
looks like the
default is to go ahead and link with libwrap). This is with 2.2.0.
SNAP
Here is what I've tried:
/etc/hosts.allow:
axfr : ALL : deny
SNAP
But nothing works. Anybody have a working example of denying
all AXFRs?
We have the following line in /etc/hosts.deny on a Debian Linux system:
/etc/hosts.deny:
axfr: ALL
axfr-nl.: ALL
In the file /etc/hosts.allow we have exceptions for this rule like:
/etc/hosts.allow:
axfr: 10.0.0.1
Hope this will help you.
Regards,
Marc