unauthorized transfers
Bill Larson
wllarso at swcp.com
Wed May 2 19:46:20 UTC 2001
> How do I prevent unauthorized slaves from pulling zones from my master DNS
> server? I am running bind 8.2.3 on Redhat 6.2.
To be blunt, read the documentation - or at least the archives of this
list/newsgroup.
To be more verbose: In your named.conf file, add an "allow-transfer"
directive to the "options" section (or your "zone" sections if you
need/want finer grain control over who can transfer what zones).
For example, in your "options" section of named.conf, you could
have:

    # acl statements sit at the top level of named.conf
    acl "xfer-ok" {         # known slave servers
        10.1.2.3;           # one known slave
        10.4.5.6;           # another known slave
        10.10.3/24;         # a whole subnet
    };

    options {
        # only hosts matching xfer-ok may transfer zones
        allow-transfer {
            xfer-ok;
        };
    };

This will define an access control list (acl) of the IP addresses
that you want to allow to transfer zones, and an "allow-transfer"
directive specifying this acl.
According to the named.conf file documentation, available from
<http://www.isc.org/products/BIND/docs/config> (bookmark this URL if
you don't already have easy access to the BIND man pages), if an
"allow-transfer" option is not specified, then the default is to
"allow transfers from all hosts".
Bill Larson
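
Added example, not part of the original post: a small audit script that lists master zones in a named.conf which have no "allow-transfer" of their own and none in "options", so they fall back to the allow-all default described in the documentation cited above. The function names and the sample configuration are constructed for illustration, and the parser assumes no braces or comment markers inside quoted strings.

```python
import re

# Constructed sample: the acl from the post plus three hypothetical zones.
SAMPLE = '''
acl "xfer-ok" { 10.1.2.3; 10.4.5.6; 10.10.3/24; };  # known slave servers
options { directory "/var/named"; };
zone "example.com" { type master; file "db.example.com";
                     allow-transfer { xfer-ok; }; };
zone "example.net" { type master; file "db.example.net"; };  // no restriction
zone "example.org" { type slave; masters { 192.0.2.1; }; file "bak.example.org"; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)

def top_level_statements(text):
    """Yield (header, body) for each 'header { body };' at nesting depth 0."""
    depth, start, last_end, header = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, start = text[last_end:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ";" and depth == 0:
            last_end = i + 1

def open_transfer_zones(conf):
    """Names of master zones with no allow-transfer in the zone or in options."""
    global_acl, zones = False, []
    for header, body in top_level_statements(strip_comments(conf)):
        words = header.split()
        has_acl = re.search(r"\ballow-transfer\b", body) is not None
        if words[:1] == ["options"]:
            global_acl = has_acl
        elif words[:1] == ["zone"] and re.search(r"\btype\s+master\b", body):
            if not has_acl:
                zones.append(words[1].strip('"'))
    # A global allow-transfer in options covers every zone without its own.
    return [] if global_acl else zones

if __name__ == "__main__":
    print(open_transfer_zones(SAMPLE))
```
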