allow-transfer by slave ?

Barry Margolin barmar at bbnplanet.com
Wed Feb 2 18:39:23 UTC 2000


In article <3090.949512045 at gromit.rfc1035.com>,
Jim Reid  <jim at rfc1035.com> wrote:
>>>>>> "Len" == Len Conrad <lconrad at Go2France.com> writes:
>
>    Len> Does named 8.x defaultly refuse zone transfers for its slave
>    Len> zones, or should allow-transfer be used to restrict transfers
>    Len> to trusted ip's?
>
>By default there are no restrictions on who or what is allowed to do
>zone transfers in BIND8. How could the name server know what IP
>addresses could be trusted unless you told it that information?

Well, it *could* assume that zone transfers are only supposed to be done
from the master server, so slave zones could have a default 'allow-transfer
{ none; };'.  It doesn't do this, but it wouldn't be unreasonable.

I think many of our customers find it surprising when they learn that their
attempts to control who can list their zones are for naught, because anyone
can list them from our slave servers.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
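
An added example, not part of the original post and not BIND code: a small Python check for the situation described above, where a slave zone with no allow-transfer will serve a zone transfer to anyone. The named.conf sample, its zone names and addresses are constructed, and the parser is a simplified assumption that handles only options and zone statements.

```python
import re

# Constructed sample named.conf (BIND 8 syntax); names and addresses are made up.
SAMPLE_CONF = r'''
options {
    directory "/var/named";   // no global allow-transfer
};
zone "example.com" {
    type master;
    file "master/example.com";
    allow-transfer { 192.0.2.53; };   # only the slave may transfer
};
zone "example.net" {
    type slave;
    masters { 192.0.2.1; };
    /* no allow-transfer: anyone can list this zone from here */
};
zone "example.org" {
    type slave;
    masters { 192.0.2.1; };
    allow-transfer { none; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    pat = re.compile(r'\b%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword)
    for m in pat.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def open_slave_zones(conf):
    """Return slave zones with no allow-transfer at zone or options level."""
    text = strip_comments(conf)
    has_acl = re.compile(r'\ballow-transfer\s*\{')
    # Presence only: this does not judge whether the address list is adequate.
    if any(has_acl.search(body) for _, body in blocks(text, 'options')):
        return []   # a global setting applies to zones without their own
    return [name for name, body in blocks(text, 'zone')
            if re.search(r'\btype\s+slave\s*;', body) and not has_acl.search(body)]

if __name__ == "__main__": print(open_slave_zones(SAMPLE_CONF))
```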


