limiting zone AXFR

Johnno johnno at nospam.casebook.org
Sat Apr 8 16:37:23 UTC 2000


"Michael Vincent K. Pozon - CompE" <vince at trinity.cebu.pilnet.com> wrote:

> hello bind users ...
> sorry if i didnt did some effort to browse the mailing archives ... it's
> just that it's too big .. any FAQ ?

> by the way , my question is that, how do i limit any hosts to do a
> zone transfer ? i dont want unauthorize host to do axfr from my
> nameserver

zone "blah.com" {
    type master;
    file "fwd/blah.com";
    allow-transfer {
        123.45.67.89;
    };
};

Anything not explicitly listed in the allow-transfer directive will be given
the palm and will not be able to transfer the zone.

Make sure that any secondary nameservers for your zone also enforce this
rule, otherwise people will be able to do a zone transfer from the other
listed nameserver(s).


--
Johnno (johnno at nospam.casebook.org)
http://usrwww.optusnet.com.au/~japp



.



More information about the bind-users mailing list