Restricting zone transfers with IP addresses in BIND DNS Server

DNS server can be attacked using various techniques such as:


[a] DNS spoofing




[b] Cache poisoning




[c] Registration hijacking




One of the simplest ways to defend is limit zone transfers between
nameservers by defining ACL. I see many admin allows BIND to transfer
zones in bulk outside their network or organization. There is no need
to do this. Remember you don't have to make an attacker's life easier.




Restricting zone transfers with IP addresses in BIND DNS Server