Ich habe einen named am Laufen, dem ich mit der im LinuxMag
publizierten CHAOS-Class-Methode das Herausgeben der Version
(version.bind) verbieten wollte.
( Das geht so:
% dig @???.???.86.226 version.bind CHAOS TXT
;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.1.2"
)
( http://www.linux-magazin.de/Artikel/aus ... tNmap.html )
Wenn ich das mache
// Declares an authoritative (master) zone "bind" in class CHAOS, with its
// data read from /etc/bind/bind.
// NOTE(review): written at the top level of named.conf, this statement ends
// up in the implicit default view, which BIND 9 creates in class IN. That
// class mismatch is what "wrong class for view '<default view>'" reports.
// BIND 9 expects a CHAOS zone inside a view declared with class chaos, and
// as soon as one view statement exists every zone has to sit inside a view.
zone "bind" chaos {
type master;
file "/etc/bind/bind" ;
};
; Zone data for "bind." with a default TTL of one week.
$ORIGIN bind.
$TTL 1W
; NOTE(review): the next line holds only the serial. The start of the SOA
; record (owner, class, type, primary server, contact and the opening
; parenthesis) appears to have been lost in the paste: the ")" on the
; "minimum" line has no visible partner. Confirm against the file on disk.
@: 1 ; serial
3H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
CHAOS NS localhost.
; NOTE(review): no TXT record for "version" is visible in this excerpt. A
; user-defined bind. zone answers version.bind only from its own data, so
; check that the complete file carries the replacement string.
bekomme ich:
(nutze Bind 9.2.1-2.woody.1)
named[3069]: zone 'bind': wrong class for view '<default view>'
Wie kommt named da ueberhaupt auf eine View? Das ist doch fuer Firewalls
gedacht, oder?
Vielen Dank fuer alle Hints.
anbei named.conf
// Wed Jul 21 15:08:39 CEST 2004
// Master-server
// Global server options: working directory, dump/statistics/pid file
// locations, a fixed query source port, two forwarders and auth-nxdomain.
// NOTE(review): no "version" statement is set in this block, so a
// version.bind CHAOS TXT query is answered with the real release string.
// BIND 9 accepts  version "<text>";  inside options, which replaces the
// string without needing a CHAOS zone or a view.
options {
directory "/var/cache/bind";
// NOTE(review): dump, statistics and pid files are written below /etc/bind,
// which presumably means the named user can write to the directory that
// also holds the configuration and zone files - verify the permissions.
dump-file "/etc/bind/named_dump.db";
statistics-file "/etc/bind/named.stats";
zone-statistics yes;
// recursion no;
// because of the permissions
pid-file "/etc/bind/named.pid";
// NOTE(review): sends every outgoing query from source port 53. That makes
// the source port predictable to anyone forging answers; keep it only if a
// firewall rule really depends on it.
query-source address * port 53;
// NOTE(review): all access controls below are commented out, so the
// server runs on its built-in defaults. For BIND 9.2 those defaults
// presumably allow queries, recursion and zone transfers from any client -
// confirm, then restrict recursion and transfers to known hosts.
// allow-query { trusted; !bogon; };
// allow-recursion { trusted; };
// allow-transfer { trusted; };
//allow-transfer { none; };
// blackhole { bogon; };
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
213.133.104.100;
213.133.105.2;
};
auth-nxdomain no; # conform to RFC1035
};
//acl "trusted" { localhost; };
//acl "bogon" { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 224.0.0.0/4; 224.0.0.0/5; }; // matter of taste 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
// might be needed for internal DNS stuff
// Routes the "lame-servers" log category to the "null" channel, so those
// messages are discarded. No other category is configured in this block.
logging {
category "lame-servers" { "null"; };
};
//logging {
// channel "schreib_in_syslog" {
// syslog daemon;
// severity info;
// };
// category "queries" { "schreib_in_syslog"; };
// };
//logging {
// channel "schreib_in_file" {
// file "/etc/bind/named.debug" versions 3 size 20m;
// print-time yes;
// print-category yes;
// severity dynamic;
// };
//category "default" { "schreib_in_file"; };
// };
// logging {
// channel "schreib_nicht_syslogd" {
// file "/etc/bind/named.queries" versions 3 size 20m;
// print-time yes;
// print-category yes;
// //syslog daemon;
// severity info;
// };
//category "queries" { "schreib_nicht_syslogd"; };
// };
//zone "bind" chaos {
// type master;
// file "/etc/bind/bind" ;
// };
// prime the server with knowledge of the root servers
// Root hints: the list of root servers is read from
// /etc/bind/db.root-and-orsn (the stock db.root line is commented out).
// NOTE(review): the file name suggests ORSN root servers were added next to
// the standard set - verify the file's content. Every server listed in the
// hints is trusted to answer for the root zone.
zone "." {
type hint;
// file "/etc/bind/db.root";
file "/etc/bind/db.root-and-orsn";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
// Forward zone for "localhost", served as master from db.local.
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
// Reverse zone for 127.in-addr.arpa, served as master from db.127.
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
// Reverse zone for 0.in-addr.arpa, served as master from db.0.
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
// Reverse zone for 255.in-addr.arpa, served as master from db.255.
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// add entries for other zones below here
// Shared-secret key named "key" using HMAC-MD5.
// NOTE(review): no statement in the visible configuration refers to this
// key, so it may be unused - confirm before relying on it.
// NOTE(review): the secret shown is marked "fake"; a real one should not be
// pasted into a public post, and is better kept in a separate file with
// restrictive permissions that named.conf pulls in via an include statement.
// HMAC-MD5 is a legacy choice; newer BIND releases offer HMAC-SHA variants.
key "key" {
algorithm hmac-md5;
secret "J3xidQBggkL fake GSicjzeDD555qJ+0tFQ==";
};
// Master zone for grummel.com, loaded from /etc/bind/grummel.hosts.
// NOTE(review): the zone has no allow-transfer of its own and the global
// one in options is commented out, so transfers presumably fall back to
// the server default - confirm who is able to pull the full zone.
zone "grummel.com" {
type master;
file "/etc/bind/grummel.hosts";
};