Zone transfer updates

[Kevin Darcy]

Holdsworth, Matthew wrote:

>Dear All,
>
>I've just upgraded our BIND version from 8 to 9 and have discovered a
>difference which means it aint working now!!! So, was wondering if you kind
>chaps could point me in the right direction.
>
>This is the part of the config that seems to be the bother:
>
>options {
>        directory "/etc/namedfiles";
>        datasize 100M;
>        listen-on { 10.10.10.10; 20.20.20.20; 30.30.30.30; };
>};
>
>zone "myzone.one.two.three" IN {
>        type slave;
>        file "db.myzone.one.two.three";
>        masters { 99.99.99.99; };
>        allow-update { 99.99.99.99; };
>        allow-transfer { none; };
>};
>
>This was used in the BIND 8 version of our named.conf. However, when using
>this same config file on our BIND 9 installation we get errors stating that
>the 'allow-update' option cannot be used in the slave zone
>'myzone.one.two.three'. These appear when trying to start named process.
>
>Please bear in mind we're running this on a Solaris UNIX installation.
>
Well, what is it that you're trying to accomplish by putting that 
"allow-update" in the slave-zone definition? Updates cannot be accepted 
directly on slaves, so they would have to be forwarded (to the master), 
refused or dropped. BIND 8 wasn't smart enough to forward the updates, 
so I fail to see how you're going to lose any functionality by just 
taking the "allow-update" statement out of there. If you do in fact want 
to avail yourself of BIND 9's update-forwarding capabilities, then you 
need to configure it via the "allow-update-forwarding" statement. See 
the docs, paying special heed to the security implications of forwarding 
updates.

                                                                         
                                    - Kevin