Having Problems

Jim Reid jim at rfc1035.com
Mon Jun 24 01:06:03 UTC 2002

>>>>> "Jester" == Jester  <admin at invalid.com> writes:

    Jester> My secondary DNS is easydns.com & have them as allow for
    Jester> this (see below)

    Jester>         allow-transfer {; easydns.com; };

Check the syntax for address_match_list in the BIND9 Administrator's
Reference Manual. Unless you have defined easydns.com as an Access
Control List, the above clause won't work the way you hoped. It's
ultimately IP addresses (or transaction signatures) that get entered
into an address_match_list, not domain names. You could simply replace
"easydns.com" in the ACL above with the IP addresses of the
easydns.com servers that transfer your zone. Better still, get their
servers to use TSIG (transaction signatures) and use that to
authenticate/restrict the zone transfers. That saves you doing
anything if the IP addresses of those servers change.
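
The two fixes described in the reply above, sketched as a named.conf fragment. This is an added example, not configuration from the original post or from easydns.com: the ACL and key names, the zone, the 192.0.2.x and 2001:db8:: addresses, the hmac-sha256 algorithm choice and the secret are all placeholders or assumptions.

```conf
// Form from the quoted post: a bare domain name is not a valid
// address_match_list element unless an acl of that name is defined.
//   allow-transfer {; easydns.com; };

// Fix 1: list the secondaries by IP address in a named acl.
// The addresses below are documentation placeholders, not real servers.
acl xfer-secondaries {
    192.0.2.53;
    2001:db8::53;
};

// Fix 2: a TSIG key shared with the secondary. The transfer is then
// authorised by the signature on the request, not by source address.
// The key name and secret must be identical on both servers.
key "xfer-key" {
    algorithm hmac-sha256;                  // assumed; must match the secondary
    secret "REPLACE_WITH_BASE64_SECRET";    // placeholder, never a real value
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // Address-based restriction (has to be edited whenever the
    // secondaries are renumbered):
    // allow-transfer { xfer-secondaries; };

    // TSIG-based restriction (keeps working if their addresses change):
    allow-transfer { key xfer-key; };
};

// On the secondary, the same key statement is configured and attached
// to the primary's address so that transfer requests are signed.
// 192.0.2.1 stands in for the primary here.
//   server 192.0.2.1 { keys { xfer-key; }; };
```

Running named-checkconf on the edited file before reloading catches address_match_list syntax errors like the one in the quoted clause.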

