allow-transfer {none;} doesn't seem to work.
Kevin Darcy
kcd at daimlerchrysler.com
Fri Jul 15 22:11:10 UTC 2005
Your allow-transfer is view-specific. It seems unlikely that you have
only 1 view which matches all clients -- why bother defining a view in
that case? -- so I assume there is more to your config than you are
showing.
To which view is the zone-transfer query going?
- Kevin
Gang Chen wrote:
>Folks:
>
>I have an option as allow-transfer { none;}; to
>disable any host to request a zone transfer but when I
>do a nslookup I can still do zone transfer. Is there a
>bug or I don't understand it correctly?
>
>The following is the configuration file:
>
>key rndc_key
>{
>    algorithm "hmac-md5";
>    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
>};
>
>controls
>{
>    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
>};
>
>options
>{
>    directory "/var/dns-config/dbs";
>    query-source address * port 53;
>    version "Adonis Server (www.abc.com)";
>};
>
>view "default"
>{
>    transfer-source 172.20.210.3;
>    notify-source 172.20.210.3;
>    match-clients { any; };
>    allow-transfer { none; };
>
>    zone "bcn.com"
>    {
>        type master;
>        file "default/zone_bcn.com";
>    };
>
>    zone "210.18.172.in-addr.arpa"
>    {
>        type master;
>        file "default/zone_210.18.172.in-addr.arpa";
>    };
>
>    zone "210.20.172.in-addr.arpa"
>    {
>        type master;
>        file "default/zone_210.20.172.in-addr.arpa";
>    };
>};
>
>Then I do nslookup:
>nslookup
>> server 172.20.210.3
>> ls -d bcn.com
>
>Strangely, I got the records in that zone which means
>zone transfer is successful.
>Can anybody throw some light to me please?
>
>Thanks a lot!
>
>
>
>Gang Chen
More information about the bind-users
mailing list
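
Added example, not part of the original thread and not BIND code: a small Python model of the behaviour Kevin describes, where named picks the first view whose match-clients accepts the client and then applies the most specific allow-transfer (zone, then view, then options). The `internal` view, the client addresses and the built-in default of `any` (the BIND 9 default at the time of this thread) are assumptions made for illustration.

```python
import ipaddress

# Constructed two-view layout (hypothetical; the thread shows only one view).
OPTIONS = {"allow-transfer": None}  # None = statement not present at this level
VIEWS = [  # in named.conf order
    {"name": "internal", "match-clients": ["172.20.0.0/16"],
     "allow-transfer": None,
     "zones": {"bcn.com": {"allow-transfer": None}}},
    {"name": "default", "match-clients": ["any"],
     "allow-transfer": ["none"],
     "zones": {"bcn.com": {"allow-transfer": None}}},
]


def acl_matches(acl, client):
    """Simplified address-match list: 'any', 'none', or an IP/CIDR; first hit wins."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        if element == "any":
            return True
        if element == "none":
            return False
        if addr in ipaddress.ip_network(element, strict=False):
            return True
    return False


def select_view(views, client):
    """Return the first view, in file order, whose match-clients accepts the client."""
    return next((v for v in views if acl_matches(v["match-clients"], client)), None)


def transfer_decision(client, zone, views=VIEWS, options=OPTIONS, default_acl=("any",)):
    """Return (view name, level that supplied the ACL, transfer allowed?)."""
    view = select_view(views, client)
    if view is None or zone not in view["zones"]:
        return (None, None, False)
    # Most specific setting wins: zone, then view, then options, then built-in default.
    levels = (("zone", view["zones"][zone]), ("view", view), ("options", options))
    for level, block in levels:
        if block["allow-transfer"] is not None:
            return (view["name"], level, acl_matches(block["allow-transfer"], client))
    return (view["name"], "default", acl_matches(default_acl, client))


if __name__ == "__main__":
    for client in ("172.20.210.50", "192.0.2.10"):  # constructed client addresses
        print(client, transfer_decision(client, "bcn.com"))
```

With only the posted view (`views=VIEWS[1:]`) every client is refused at the view level, so a transfer that succeeds points to a different view, or a different server, answering the query.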