Zone transfer updates

Kevin Darcy kcd at daimlerchrysler.com
Mon Mar 15 22:25:01 UTC 2004


No, allow-update has nothing to do with zone transfers. It has to do 
with what an authoritative nameserver does when a Dynamic Update request 
for the zone is received from a client.

                                                                         
                                                      - Kevin

Holdsworth, Matthew wrote:

>Kevin,
>
>In my BIND8 server, using this type of config allowed zone transfers to be
>made between the master and itself, itself being the one that pulled the
>data from the master. Is this not possible to do now using BIND9?
>
>The architecture I have here is as follows:
>I have one master and a secondary, then a number of slaves around the
>country. I need to get these slaves to receive zone transfers from the
>secondary master.
>In BIND8 this would have worked and it would not have complained about this
>'allow-update' option.
>
>One thought, is this 'allow-update' option anything to do with zone
>transfers after all this?
>
>Matt
>
>  
>
>>-----Original Message-----
>>From:	bind-users-bounce at isc.org [SMTP:bind-users-bounce at isc.org] On Behalf
>>Of Kevin Darcy
>>Sent:	Friday, March 12, 2004 10:52 PM
>>To:	'bind-users at isc.org'
>>Subject:	Re: Zone transfer updates
>>
>>Holdsworth, Matthew wrote:
>>
>>>Dear All,
>>>
>>>I've just upgraded our BIND version from 8 to 9 and have discovered a
>>>difference which means it ain't working now!!! So, was wondering if you kind
>>>chaps could point me in the right direction.
>>>
>>>This is the part of the config that seems to be the bother:
>>>
>>>options {
>>>       directory "/etc/namedfiles";
>>>       datasize 100M;
>>>       listen-on { 10.10.10.10; 20.20.20.20; 30.30.30.30; };
>>>};
>>>
>>>zone "myzone.one.two.three" IN {
>>>       type slave;
>>>       file "db.myzone.one.two.three";
>>>       masters { 99.99.99.99; };
>>>       allow-update { 99.99.99.99; };
>>>       allow-transfer { none; };
>>>};
>>>
>>>This was used in the BIND 8 version of our named.conf. However, when using
>>>this same config file on our BIND 9 installation we get errors stating that
>>>the 'allow-update' option cannot be used in the slave zone
>>>'myzone.one.two.three'. These appear when trying to start named process.
>>>
>>>Please bear in mind we're running this on a Solaris UNIX installation.
>>>
>>Well, what is it that you're trying to accomplish by putting that 
>>"allow-update" in the slave-zone definition? Updates cannot be accepted 
>>directly on slaves, so they would have to be forwarded (to the master), 
>>refused or dropped. BIND 8 wasn't smart enough to forward the updates, 
>>so I fail to see how you're going to lose any functionality by just 
>>taking the "allow-update" statement out of there. If you do in fact want 
>>to avail yourself of BIND 9's update-forwarding capabilities, then you 
>>need to configure it via the "allow-update-forwarding" statement. See 
>>the docs, paying special heed to the security implications of forwarding 
>>updates.
>>
>>                                                                         
>>                                    - Kevin
>>
>>    
>>
>
>
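
An added example, not part of the original thread or of ISC's documentation: a BIND 9 form of the quoted slave zone for the tiered layout described above, with allow-update removed and transfers limited to the downstream slaves. The 192.0.2.x addresses and the ACL name are constructed placeholders; 99.99.99.99 and the zone name come from the quoted config.

```conf
// Constructed placeholders: the downstream slave addresses and the ACL name.
acl "downstream-slaves" { 192.0.2.11; 192.0.2.12; };

zone "myzone.one.two.three" IN {
        type slave;
        file "db.myzone.one.two.three";
        masters { 99.99.99.99; };

        // BIND 9 rejects allow-update in a slave zone, so it is removed.
        // Zone data still arrives from the master through the masters list.

        // Only the downstream slaves may pull the zone from this server.
        // The original "allow-transfer { none; };" would refuse them as well.
        allow-transfer { "downstream-slaves"; };

        // Send NOTIFY to the downstream slaves explicitly, in case they are
        // not listed in the zone's NS records.
        also-notify { 192.0.2.11; 192.0.2.12; };

        // Update forwarding is off by default. Enable it only if dynamic
        // updates must be relayed to the master, and name the allowed clients
        // (192.0.2.50 is a constructed placeholder):
        // allow-update-forwarding { 192.0.2.50; };
};
```

Running named-checkconf against the file before restarting named reports option errors such as the one quoted in the thread.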



