netiquette & zone transfers

Barry Margolin barmar at bbnplanet.com
Wed Mar 22 18:40:02 UTC 2000


In article <38d8d347.538453 at nntp.jaring.my>,
Lincoln Yeoh <lyeoh at pop.jaring.nospam.my> wrote:
>Just wondering, how do you tell whether you are authorised to transfer
>zones or not? I mean if ls -d works, aren't you authorised to do it? e.g.

You just know.

It's like a door that says "Authorized entry only."  If no one ever told
you that you're authorized, you can usually assume that you're not.

>it's a service which the dns admin was generous to provide. Zone transfers
>should be off by default, then if they are on, it means it's allowed.

Unfortunately, BIND allows them by default.

We host DNS for thousands of customers, and we allow them to run slave
servers on their LANs, so we need to allow zone transfers.  A customer is
authorized to transfer their own domains; everyone else is unauthorized,
but we don't enforce this (we would have to contact all the customers and
find out if they're running their own slaves so that we could set up access
lists).

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
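
An added example, not part of the original post or of BIND itself: a small Python audit that reads a named.conf and reports which zones have no access list on zone transfers, the gap the post describes. The sample config, zone names and address are constructed, and a missing allow-transfer statement is assumed to mean the allow-by-default behaviour stated in the post.

```python
import re

# Constructed sample config (not from the post); 192.0.2.53 is a documentation address.
SAMPLE_CONF = '''
options { directory "/var/named"; };      // no global allow-transfer
zone "customer-a.example" {
    type master; file "customer-a.zone";
    allow-transfer { 192.0.2.53; };       # the customer's own slave
};
zone "customer-b.example" { type master; file "customer-b.zone"; };
zone "customer-c.example" {
    type master; file "customer-c.zone";
    allow-transfer { any; };
};
'''

def strip_comments(text):
    # Simplification: assumes no '//' or '#' inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, pos):
    """Return the text between the first '{' at or after pos and its matching '}'."""
    start = text.index('{', pos)
    depth = 0
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError('unbalanced braces')

def transfer_acl(body):
    """List the allow-transfer elements in a block body, or None if the statement is absent."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each zone name to 'open' or 'restricted: <acl>' (views are not handled)."""
    conf = strip_comments(conf)
    opts = re.search(r'\boptions\s*\{', conf)
    global_acl = transfer_acl(block_after(conf, opts.start())) if opts else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        acl = transfer_acl(block_after(conf, z.end()))
        if acl is None:
            acl = global_acl          # zone inherits the options-level setting
        # No statement anywhere is treated as the allow-by-default behaviour the post describes.
        report[z.group(1)] = 'open' if acl is None or 'any' in acl else 'restricted: ' + ', '.join(acl)
    return report

if __name__ == '__main__':
    for zone, status in audit(SAMPLE_CONF).items():
        print(f'{zone:22} {status}')
```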


