Options...
Jim Reid
jim at rfc1035.com
Tue Jan 25 11:02:35 UTC 2000
>>>>> "Istvan" == =?iso-8859-2?Q?Tak=E1cs Istv=E1n?= <iso-8859-2> writes:
Istvan> I'd like to set up that only our secondary name server
Istvan> downloads our zone files. I wrote the allow-transfer
Istvan> option with the IP address of the secondary to every file
Istvan> entry into the named.conf, restarted the ndc, but when I
Istvan> test it I could download the zones from another site... :(
Istvan> Maybe, do I have to use the allow-query option, too?
No. The allow-query option tells the name server which IP addresses
are allowed to send it queries, no matter what type of query is made.
Zone transfers (AXFR queries) are controlled by the allow-transfer
option. This option say to the name server: "here are the addresses
that are allowed to make zone transfer requests".
If you've set up the allow-transfer option correctly, it should work.
So if it's not behaving as expected, the chances are that you've made
a mistake with named.conf. Check your name server's logs for error
reports when the new config file was read or when you tried the zone
transfer. You could also post the named.conf file so that the people
on the list could take a look at it. Another possibility is that
you're sending the zone transfer requests from an allowed IP
address. You might even be sending those requests to some other name
server that doesn't have the allow-transfer option switched on.
More information about the bind-users
mailing list