[bind9] allow transfer, nameserver-only?

Helmut Schneider jumper99 at gmx.de
Mon Jan 30 16:14:35 UTC 2006


Danny Mayer (mayer at gis.net) wrote:
> Helmut Schneider wrote:
>> Barry Margolin (barmar at alum.mit.edu) wrote:
>>> In article <drddrq$2l1p$1 at sf1.isc.org>,
>>> "Helmut Schneider" <jumper99 at gmx.de> wrote:
>>>
>>>> is it possible to define that a zone transfer is only allowed for NS
>>>> records of the according zone file?
>>> I don't think BIND has such an option.  Some other DNS implementations
>>> use the NS records as their default "allow-transfer" access list.
>>
>> Yes, Windows DNS does and I hoped that bind has such an option, too.
>>
> You can restrict transfer of any zone to any list of addresses with the
> allow-transfer option. It's up to you to specify what you want in there.

I do have ACLs for that but if you maintain a list of zones where the 
secondaries are spread over a number of providers it is no fun to delegate 
zone transfer for each zone.

-- 
Please do not feed my mailbox, Swen still does his job well 
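
Added example, not part of the original message and not a BIND feature: because allow-transfer takes an explicit address list, one way to keep it in step with each zone's NS records is to generate a named acl statement from the zone file. The zone data, the addresses, the "xfer-" ACL name and the function names are assumptions made for this sketch; the parser handles one record per line with numeric TTLs only, and a static table stands in for DNS lookups so it runs offline.

```python
# Constructed sample zone and addresses (documentation ranges), not from the thread.
ZONE_TEXT = """\
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
@    IN NS  ns1.example.com.
@    IN NS  ns2.provider-a.example.
     IN NS  ns3.provider-b.example.   ; blank owner: same owner as the line above
sub  IN NS  ns.sub.example.com.       ; delegation, must stay out of the ACL
"""
ADDRS = {  # stands in for DNS lookups so the example runs offline
    "ns1.example.com.": ["192.0.2.1"],
    "ns2.provider-a.example.": ["198.51.100.53"],
    "ns3.provider-b.example.": ["203.0.113.7", "2001:db8::53"],
}

def apex_ns(zone_text, origin):
    """Return the NS targets owned by the zone apex, in file order."""
    origin = origin.rstrip(".").lower() + "."
    owner, targets = origin, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():  # leading blank keeps the previous owner
            owner = fields.pop(0).lower()
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner += "." + origin
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS" and owner == origin:
            target = fields[1].lower()
            targets.append(target if target.endswith(".") else f"{target}.{origin}")
    return targets

def transfer_acl(zone, zone_text, resolve):
    """Build an acl statement ("xfer-" prefix is this example's choice); never a partial list."""
    addrs = set()
    for name in apex_ns(zone_text, zone):
        found = resolve(name)
        if not found:
            raise LookupError(f"no address for {name}")
        addrs.update(found)
    body = " ".join(f"{a};" for a in sorted(addrs)) or "none;"
    return f'acl "xfer-{zone}" {{ {body} }};'

if __name__ == "__main__":
    print(transfer_acl("example.com", ZONE_TEXT, ADDRS.get))
```

The generated statement can be written to a file that named.conf pulls in with include, and the zone then refers to it as allow-transfer { "xfer-example.com"; };.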


