blackhole and allow-transfer

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 3 21:54:22 UTC 2002


I don't know the answer offhand, but it should be an easy thing to test. My
speculation would be that blackhole would prevail, since the blackhole logic
resides at a lower level than the ACL-checking logic. But that's only a
speculation.

Note that even if allow-transfer "overrides" blackhole, you'll still have a
problem with serial-number queries from the slaves to the master, since those
are seen as just "ordinary" queries and thus would be blackholed. So you'd
better hope that all of your NOTIFYs are received in a timely fashion, and
you'd better make sure that all of your stealth slaves are mentioned in an
also-notify clause.

Why not just make exceptions in your blackhole option for the slave
IP addresses???


- Kevin

Jochen Schiffler wrote:

> Hi,
>
> can anyone tell me which option statement is more powerful?
>
> I mean if I 'blackhole' the net 192/8, will a single server with an
> 192.x.x.x address be able to transfer zones when it's explicitly allowed in
> the allow-transfer-statement? Or will blackhole override allow-transfer?
>
> Thanx
> Jochen
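
Added example, not part of either poster's message: a named.conf sketch of the approach suggested in the reply above, exempting the slave from blackhole instead of relying on allow-transfer to win. The address 192.0.2.53, the zone example.com, the file name and the ACL names are constructed for illustration.

```conf
// Constructed values: 192.0.2.53 stands in for the stealth slave,
// example.com for the zone being served.
acl stealth-slaves { 192.0.2.53; };
acl blocked-nets   { 192.0.0.0/8; };

options {
    // Address match lists are evaluated in order and the first matching
    // element decides. The negated entry must therefore come BEFORE the
    // network that contains it; reversing the order blackholes the slave.
    blackhole { !stealth-slaves; blocked-nets; };
};

zone "example.com" {
    type master;
    file "db.example.com";

    // The slave is no longer blackholed, so its SOA serial-number
    // queries and its zone transfer requests both reach this ACL check.
    allow-transfer { stealth-slaves; };

    // A stealth slave is not in the zone's NS records, so it only
    // receives NOTIFY if it is listed explicitly.
    also-notify { 192.0.2.53; };
};
```

Running named-checkconf on the file catches syntax errors before a reload; a SOA query and a test transfer from the slave's address then confirm that both the refresh check and the transfer get through.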


