Limit allow-transfer to key + IP

Chris Thompson cet1 at cam.ac.uk
Tue Apr 14 19:28:27 UTC 2009


On Apr 14 2009, Jonathan Petersson wrote:

>I was reading up on TSIG signed zone-transfers and gave it a try in my
>lab this morning, successfully. However what I noticed (which makes
>sense based on my config) is that any host with the appropriate key is
>allowed to perform a zone-transfer.
>
>Is there any way to limit the zone-transfer to require both key and
>known IP using allow-transfer?

Yup. Use

  allow-transfer { !{ !11.22.33.44; any; }; key secret-key; };

Now sit down with a cold, cold drink and puzzle out why that works!

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
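
The following is an added example, not part of the original post and not BIND code. It is a small Python model of how an address match list is evaluated, so the nested-negation idiom can be traced case by case. It assumes two rules: the first matching element decides the outcome, and a nested list counts as a match only when its inner result is positive (a negative inner match is treated as no match). The address 198.51.100.7 and the key name other-key are constructed test values.

```python
import ipaddress

def match(acl, addr, key):
    """Return +1 (allow), -1 (deny) or 0 (no element matched)."""
    for negated, kind, value in acl:
        if kind == "addr":
            hit = value == "any" or (
                ipaddress.ip_address(addr) in ipaddress.ip_network(value))
        elif kind == "key":
            hit = key == value
        else:
            # Nested list: only a positive inner result counts as a match.
            # A negative inner result falls through to the next element.
            hit = match(value, addr, key) > 0
        if hit:
            return -1 if negated else 1
    return 0  # nothing matched; access control treats this as deny

def allowed(acl, addr, key=None):
    return match(acl, addr, key) > 0

# { !{ !11.22.33.44; any; }; key secret-key; }
IDIOM = [(True, "list", [(True, "addr", "11.22.33.44"),
                         (False, "addr", "any")]),
         (False, "key", "secret-key")]

# Same list without "any": the inner list never matches positively,
# so the outer negation never fires and the key alone is sufficient.
NO_ANY = [(True, "list", [(True, "addr", "11.22.33.44")]),
          (False, "key", "secret-key")]

# Constructed requests: (source address, TSIG key name or None)
CASES = [("11.22.33.44", "secret-key"),
         ("11.22.33.44", None),
         ("11.22.33.44", "other-key"),
         ("198.51.100.7", "secret-key"),
         ("198.51.100.7", None)]

def decisions(acl):
    """Map each constructed request to the allow/deny result."""
    return {case: allowed(acl, *case) for case in CASES}

if __name__ == "__main__":
    for name, acl in (("with any", IDIOM), ("without any", NO_ANY)):
        for (addr, key), ok in decisions(acl).items():
            print(f"{name:12} {addr:14} {key!s:11} "
                  f"{'allow' if ok else 'deny'}")
```
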



