transfers from slave server
Kevin Darcy
kcd at daimlerchrysler.com
Thu Aug 14 00:35:11 UTC 2003
Bill Friedman wrote:
> right. incidentally our nameservers aren't really published as they are
> "hidden" nameservers, i.e. our isp is actually the SOA for our domains
> and it looks to our dns server(s) for updates.
> so on the slave I'd just want to add the allow-transfer option as follows.
>
> options {
> directory "/var/named";
> allow-transfer {
> ns1.ourisp.net
> ns2.ourisp.net
> ....
> };
> };
>
Right, but with semicolon-delimited addresses instead of names.
And, of course, you don't need to list any of the slave's own addresses in its
allow-transfer unless you want to do zone transfers from the command-line.
- Kevin
> ....and that's all there is to it? On the master, which I didn't set
> up, they list the allow-transfer option for each domain even though
> they're the same for all domains. So I learned something new here. Thanks
>
> Kevin Darcy wrote:
>
> >Bill Friedman wrote:
> >
> >
> >
> >>I've set up a slave to serve as backup if master goes down. What
> >>controls transfers from slave server when master goes down? Do I need
> >>to add allow-transfer to named.conf for each domain? BIND book just
> >>says to copy named.conf, change type to slave and include masters { .....
> >>
> >>
> >
> >It's really up to you. How free do you want to be with your zone
> >transfers? Note however that it makes no sense from a security standpoint to
> >restrict zone transfers on some of the published nameservers for a zone and
> >not others.
> >
> >Even if you decide to restrict zone transfers, there should be no reason to
> >define allow-transfer for each domain if the restriction is the same for all
> >of them: you can just restrict zone-transfers globally by putting the
> >allow-transfer in your "options" clause.
> >
> >
> >- Kevin
> >
> >
> >
> >
> >
>
> --
> Thank You
>
> Bill Friedman
> lingua franca networking
> lfnetworking.com
> 510-508-5539
More information about the bind-users
mailing list