Zone transfer AXFR

J

juliusbarra

Verified User
Joined
Apr 4, 2008
Messages
20
Hello,

I checked my domain DNS and I had this result:


FAIL


Zone transfer
(AXFR)


At least one of your nameservers allowed a zone transfer to be performed. The zone transfer enables the extraction of all DNS data available for the zone. According to DNS best practices it is advisable to disable zone transfers for public slave zones.
Click to expand...

Is this a big issue? How can I solve it in Direct Admin?

Thanks
 
I disagree with the premise that it's dangerous in the case of zones only used for public webhosting; generally all the records in the zone are for publicly available sites/services anyway. It's more important if, for example, you're running DNS for a huge university and you don't want people to know you have, for example, something like mysqlserver.example.com or passwordserver.example.com.

If you want to do it, you can certainly block zone transfers; instructions can be found here; scroll down and look for BIND on Linux/UNIX. Be sure to restart BIND afterwards.

And don't forget to allow zone transfers to your slave servers.

Jeff
 
You must log in or register to reply here.
Back
Top