[bind9] allow transfer, nameserver-only?
Frank Y.F. Luo
luoy at muohio.edu
Mon Jan 30 15:03:17 UTC 2006
I though it is by default that zone transfer is allowed from the host
represented by NS record - the other name servers of this zone. Is this
assumption right?
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Danny Mayer
> Sent: Monday, January 30, 2006 9:52 AM
> To: Helmut Schneider
> Cc: comp-protocols-dns-bind at isc.org
> Subject: Re: [bind9] allow transfer, nameserver-only?
>
>
> Helmut Schneider wrote:
> > Barry Margolin (barmar at alum.mit.edu) wrote:
> >> In article <drddrq$2l1p$1 at sf1.isc.org>,
> >> "Helmut Schneider" <jumper99 at gmx.de> wrote:
> >>
> >>> is it possible to define that a zone transfer is only allowed for NS
> >>> records of the according zone file?
> >> I don't think BIND has such an option. Some other DNS implementations
> >> use the NS records as their default "allow-transfer" access list.
> >
> > Yes, Windows DNS does and I hoped that bind has such an option, too.
> >
> > Thanks, Helmut
> >
> You can restrict transfer of any zone to any list of addresses with the
> allow-transfer option. It's up to you to specify what you want in there.
> Are you asking that zone transfers are only allowed from addresses
> listed in the NS records for the zone? Then see above.
>
> Danny
>
>
>
More information about the bind-users
mailing list