question about allow-notify
aklist
aklist_bind at enigmedia.com
Thu Jul 17 15:52:55 UTC 2008
Hi All: Pretty basic question...I have a master NS on a public IP and have a
slave NS (Bind 9.5.0-P1) behind a NAT'd router (192.168.1/24). The master is
sending notifies to the slave, but the slave is refusing the notifies
because they're coming from the router's gateway IP (192.168.1.1) and not
the IP of the primary NS.
If I add the gateway IP to the allow-notify statement on the slave, that
will just allow it to acknowledge the notify, and then load the zone from
the primary NS in the zone statement, correct? IOW, is there any risk to
adding allow-notify from the gateway IP? Obviously any computer in the world
would be able to send it notifies at that point? Is there a potential DOS in
this approach, and is there a better way to handle it?
More information about the bind-users
mailing list