"allow-transfer" directive on Bind 8
Barry Margolin
barmar at genuity.net
Wed Dec 26 16:52:20 UTC 2001
In article <a0cuqj$3vt at pub3.rc.vix.com>,
Philip J. Koenig <See_email_ at ddress_below.This_one_is.invalid> wrote:
>Using Bind 8.2.3 or above.
>
>On a slave server, should I be concerned about using the
>"allow-transfer" directive if I am using it on the master
>server? Should it match the master even if the slave isn't
>allowing other slaves to load from it?
If the slave isn't using the allow-transfer directive, it *is* allowing
other servers to load from it.
>Sometimes I like to do zone transfers using NSlookup or Dig
>for debugging purposes, and it seems to me that once upon a
>time I had to put in hosts like 127.0.0.1 and/or the IP
>address of the host in question to allow such local queries,
>as well as any remote hosts that I'd want to do the same.
If you don't use the allow-transfer directive, it defaults to allowing
anyone. If you're restricting zone transfers on the master, you probably
want to restrict them similarly on the slave. Otherwise, someone who was
unable to transfer from the master could simply try one of the slaves
instead.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list