allow-transfer {none;} doesn't seem to work.

Barry Margolin barmar at alum.mit.edu
Fri Jul 15 19:55:31 UTC 2005


In article <db8lnm$uh6$1 at sf1.isc.org>, /dev/rob0 <rob0 at gmx.co.uk> 
wrote:

> Gang Chen wrote:
> > I have an option as allow-transfer { none;}; to
> > disable any host to request a zone transfer but when I
> > do a nslookup I can still do zone transfer. Is there a
> > bug or I don't understand it correctly?
> 
> 1. Don't use nslookup.

Although nslookup is not the recommended troubleshooting tool, it *does* 
use zone transfer to implement its "ls" command.  So why do you think 
using dig instead of nslookup would shed some light on this?  Dig is 
better when things fail, since it gives clearer errors, but when things 
are successful I don't think it makes as much difference which utility 
you use.

> 2. You don't understand something.
> 
> > view "default" 
> > {
> >     transfer-source 172.20.210.3;
> >     notify-source 172.20.210.3;
> >     match-clients { any; };
> >     allow-transfer { none; };
> > 
> >     zone "bcn.com"
> [snip]
> 
> Try dig(1):
> $ dig @172.20.210.3 bcn.com. axfr
> What does that get?

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***


