Does "allow-transfer" work properly?

Barry Margolin barmar at alum.mit.edu
Thu Oct 5 04:18:24 UTC 2006


In article <eg110m$1p83$1 at sf1.isc.org>, AM <am at am.am> wrote:

> Hi guys,
> 
> I have a nameserver with the IP address = 15.113.159.60 and the following 
> named.conf
> 
> ## named.conf - configuration for bind
> #
> # Generated automatically by bindconf, alchemist et al.
> controls {
>          inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> 
> include "/etc/rndc.key";
> 
> options {
>          directory "/var/named/";
> };
> 
> [CUT]
> 
> zone "rcs.xt" {
>          type slave;
>          file "rcs.xt.zone";
>          masters { 112.124.16.162; };
>          allow-transfer { 15.113.159.60; };
> };
> 
> 
> I didn't write the named.conf but it seems to me that the master can allow 
> transfers only from itself. Obviously it's not required to ask the zone 
> rcs.xt from itself but from the master. That rule applies just for that 
> zone. The others can be pulled by anyone (ok it's not secure and I'm about 
> to put a full stop to this behavior). For me the rule written above doesn't 
> make sense.

You're correct, it doesn't make sense.  My guess is that they copied the 
zone statement from the master server, and simply added the masters 
clause.  That allow-transfer clause is appropriate on the master server, 
but isn't necessary on the slave's copy.

In most DNS setups there aren't any slaves of the slaves, so this 
verbatim copying doesn't usually cause a problem.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
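
Added example, not part of the original thread and not BIND's own tooling: a small Python check for the two conditions discussed above, a slave zone whose allow-transfer lists only the server's own address, and a zone with no transfer restriction at zone or options level. The `example.test` zone, the function names and the regex parsing (whole-line comments and one level of nested braces only) are assumptions made for illustration.

```python
import re

# Constructed sample: the zone from the post, plus a hypothetical zone
# ("example.test") that has no allow-transfer clause.
SAMPLE_CONF = '''
options { directory "/var/named/"; };
zone "rcs.xt" {
         type slave;
         file "rcs.xt.zone";
         masters { 112.124.16.162; };
         allow-transfer { 15.113.159.60; };
};
zone "example.test" {
         type master;
         file "example.test.zone";
};
'''
BODY = r'\{((?:[^{}]|\{[^{}]*\})*)\}\s*;'   # block with one level of nesting
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*' + BODY)
OPTIONS_RE = re.compile(r'\boptions\s*' + BODY)
SELF_ONLY = "slave zone allows transfers only to this server's own address"
UNRESTRICTED = "no allow-transfer in zone or options: built-in default applies"

def acl(body, clause):
    """Elements of `clause { a; b; };` in a block body, or None if absent."""
    m = re.search(r'\b' + re.escape(clause) + r'\s*\{([^{}]*)\}', body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf, own_addrs):
    """Return (zone, finding) pairs for transfer ACLs that need review."""
    conf = re.sub(r'(?m)^\s*(#|//).*$', '', conf)   # drop whole-line comments
    opts = OPTIONS_RE.search(conf)
    global_acl = acl(opts.group(1), "allow-transfer") if opts else None
    findings = []
    for name, body in ZONE_RE.findall(conf):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        xfer = acl(body, "allow-transfer")
        if xfer is None and global_acl is None:
            findings.append((name, UNRESTRICTED))
        elif xfer and ztype and ztype.group(1) == "slave" \
                and set(xfer) <= set(own_addrs):
            findings.append((name, SELF_ONLY))
    return findings

if __name__ == "__main__":
    for zone, finding in audit(SAMPLE_CONF, {"15.113.159.60"}):
        print(f"{zone}: {finding}")
```

Running it against the output of `named-checkconf -p` rather than the raw file sidesteps the include and comment handling that the regexes do not attempt.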


