transfers from slave server

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 14 00:35:11 UTC 2003


Bill Friedman wrote:

> right.  incidentally our nameservers aren't really published as they are
> "hidden" nameservers, i.e. our isp is actually the SOA for our domains
> and it looks to our dns server(s) for updates.
> so on the slave I'd just want to add the allow-transfer option as follows.
>
> options {
>         directory "/var/named";
>         allow-transfer {
>                 ns1.ourisp.net
>                 ns2.ourisp.net
>                 ....
>         };
> };
>

Right, but with semicolon-delimited addresses instead of names.

And, of course, you don't need to list any of the slave's own addresses in its
allow-transfer unless you want to do zone transfers from the command-line.


- Kevin

> ....and that's all there is to it?  On the master, which I didn't set
> up, they list the allow-transfer option for each domain even though
> they're the same for all domains.  So I learned something new here.  Thanks
>
> Kevin Darcy wrote:
>
> >Bill Friedman wrote:
> >
> >
> >
> >>I've set up a slave to serve as backup if master goes down.  What
> >>controls transfers from slave server when master goes down?  Do I need
> >>to add allow-transfer to named.conf for each domain?  BIND book just
> >>says to copy named.conf, change type to slave and include masters { .....
> >>
> >>
> >
> >It's really up to you. How free do you want to be with your zone
> >transfers? Note however that it makes no sense from a security standpoint to
> >restrict zone transfers on some of the published nameservers for a zone and
> >not others.
> >
> >Even if you decide to restrict zone transfers, there should be no reason to
> >define allow-transfer for each domain if the restriction is the same for all
> >of them: you can just restrict zone-transfers globally by putting the
> >allow-transfer in your "options" clause.
> >
> >
> >- Kevin
>
> --
> Thank You
>
> Bill Friedman
> lingua franca networking
> lfnetworking.com
> 510-508-5539
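
An added example (not part of the original thread or of BIND itself): a small Python check for the two problems the reply points out in the quoted allow-transfer block, names where addresses belong and missing semicolons. The function names, the sample configs and the 192.0.2.53 / 198.51.100.53 addresses are assumptions made for illustration. It handles flat blocks only, with no comments, nested lists or shorthand prefixes such as 10/8.

```python
import ipaddress
import re

# ACL names BIND predefines; any other name must come from an acl { } statement.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

def _problem(token, known_acls):
    """Return None if token is a usable match-list element, else a reason."""
    name = token.lstrip("!")                      # a leading ! negates an element
    if name in known_acls:
        return None
    try:
        ipaddress.ip_network(name, strict=False)  # single address or CIDR prefix
        return None
    except ValueError:
        # A bare name is read as an ACL name; hostnames are not resolved here.
        return "not an address, prefix or defined ACL"

def check_allow_transfer(conf_text, defined_acls=()):
    """List (text, problem) findings for each flat allow-transfer { } block."""
    known = BUILTIN_ACLS | set(defined_acls)
    findings = []
    for body in re.findall(r"allow-transfer\s*\{([^{}]*)\}", conf_text):
        chunks = body.split(";")
        tail = chunks.pop()                       # text after the last ';'
        if tail.strip():
            findings.append((tail.split()[-1], "no semicolon after last element"))
        for chunk in chunks + [tail]:
            tokens = chunk.split()
            if len(tokens) == 2 and tokens[0] == "key":
                continue                          # TSIG key reference
            if len(tokens) > 1:
                findings.append((" ".join(tokens), "elements not separated by ';'"))
            findings += [(t, p) for t in tokens if (p := _problem(t, known))]
    return findings

# Constructed samples: the quoted snippet's form, then a corrected form using
# documentation-range addresses as placeholders for the ISP's real servers.
BEFORE = """options { directory "/var/named";
    allow-transfer {
        ns1.ourisp.net
        ns2.ourisp.net
    };
};"""
AFTER = """options { directory "/var/named";
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, check_allow_transfer(conf) or "ok")
```

On a real server, named-checkconf remains the authoritative syntax check for named.conf.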


