Zone transfer updates

Holdsworth, Matthew Matthew.Holdsworth at cwcom.co.uk
Mon Mar 15 08:56:33 UTC 2004


Kevin,

In my BIND8 server, using this type of config allowed zone transfers to be
made between the master and itself, itself being the one that pulled the
data from the master. Is this not possible to do now using BIND9?

The architecture I have here is as follows:
I have one master and a secondary, then a number of slaves around the
country. I need to get these slaves to receive zone transfers from the
secondary master.
In BIND8 this would have worked and it would not have complained about this
'allow-update' option.

One thought, is this 'allow-update' option anything to do with zone
transfers after all this?

Matt

> -----Original Message-----
> From:	bind-users-bounce at isc.org [SMTP:bind-users-bounce at isc.org] On Behalf Of Kevin Darcy
> Sent:	Friday, March 12, 2004 10:52 PM
> To:	'bind-users at isc.org'
> Subject:	Re: Zone transfer updates
> 
> Holdsworth, Matthew wrote:
> 
> >Dear All,
> >
> >I've just upgraded our BIND version from 8 to 9 and have discovered a
> >difference which means it ain't working now!!! So, was wondering if you kind
> >chaps could point me in the right direction.
> >
> >This is the part of the config that seems to be the bother:
> >
> >options {
> >        directory "/etc/namedfiles";
> >        datasize 100M;
> >        listen-on { 10.10.10.10; 20.20.20.20; 30.30.30.30; };
> >};
> >
> >zone "myzone.one.two.three" IN {
> >        type slave;
> >        file "db.myzone.one.two.three";
> >        masters { 99.99.99.99; };
> >        allow-update { 99.99.99.99; };
> >        allow-transfer { none; };
> >};
> >
> >This was used in the BIND 8 version of our named.conf. However, when using
> >this same config file on our BIND 9 installation we get errors stating that
> >the 'allow-update' option cannot be used in the slave zone
> >'myzone.one.two.three'. These appear when trying to start the named process.
> >
> >Please bear in mind we're running this on a Solaris UNIX installation.
> >
> Well, what is it that you're trying to accomplish by putting that 
> "allow-update" in the slave-zone definition? Updates cannot be accepted 
> directly on slaves, so they would have to be forwarded (to the master), 
> refused or dropped. BIND 8 wasn't smart enough to forward the updates, 
> so I fail to see how you're going to lose any functionality by just 
> taking the "allow-update" statement out of there. If you do in fact want 
> to avail yourself of BIND 9's update-forwarding capabilities, then you 
> need to configure it via the "allow-update-forwarding" statement. See 
> the docs, paying special heed to the security implications of forwarding 
> updates.
> 
> - Kevin
> 




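The two statements this thread turns on, as an added example that is not part of the original messages: a small linter that reads named.conf text and reports, for each slave zone, `allow-update` (which BIND 9 refuses there), `allow-update-forwarding` (which relays updates to the master) and `allow-transfer { none; }` (which stops any other server pulling the zone from this one). The parser is a simplification that handles one level of nested braces; the master zone and the 192.0.2.x address are constructed sample data.

```python
import re

# Constructed sample: the slave zone quoted in the post plus a hypothetical master zone.
SAMPLE_CONF = '''
zone "myzone.one.two.three" IN {
        type slave;
        file "db.myzone.one.two.three";
        masters { 99.99.99.99; };
        allow-update { 99.99.99.99; };   // the statement BIND 9 refuses here
        allow-transfer { none; };
};
zone "example.test" IN {
        type master;
        file "db.example.test";
        allow-update { none; };
        allow-transfer { 192.0.2.53; };  /* hypothetical downstream */
};
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
STMT_RE = re.compile(r'([\w-]+)\s+(\{[^{}]*\}|[^;{}]+);')

def parse_zones(text):
    """Return {zone name: {statement: value with whitespace removed}}."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # /* block */ comments
    text = re.sub(r'(//|#).*', '', text)                # // and # line comments
    return {name: {k: "".join(v.split()) for k, v in STMT_RE.findall(body)}
            for name, body in ZONE_RE.findall(text)}

def lint_slave_zones(text):
    """Flag slave-zone statements that matter for the BIND 8 -> 9 move above."""
    findings = []
    for name, stmts in parse_zones(text).items():
        if stmts.get("type") != "slave":
            continue
        if "allow-update" in stmts:
            findings.append((name, "error", "allow-update is not accepted in a slave zone"))
        if "allow-update-forwarding" in stmts:
            findings.append((name, "review", "dynamic updates are relayed to the master"))
        if stmts.get("allow-transfer") == "{none;}":
            findings.append((name, "info", "no other server may transfer this zone from here"))
    return findings

if __name__ == "__main__":
    for zone, level, msg in lint_slave_zones(SAMPLE_CONF):
        print(f"{level:6} {zone}: {msg}")
```

BIND 9's own `named-checkconf` remains the authoritative syntax check; this sketch only shows which statements govern dynamic updates and which govern transfers.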
