[bind9] allow transfer, nameserver-only?

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 31 21:54:26 UTC 2006


Helmut Schneider wrote:

>Kevin Darcy (kcd at daimlerchrysler.com) wrote:
>
>  
>
>>>I do have ACLs for that but if you maintain a list of zones where the 
>>>secondaries are spread over a number of providers it is no fun to
>>>delegate  zone transfer for each zone.
>>>      
>>>
>>Why limit transfers at all?
>>    
>>
>
>Why does bind provide options which are totally useless then?
>
No-one said they were totally useless. allow-transfer might be useful 
if, for instance, one particular site is misconfigured as a stealth 
slave to the wrong server and you wanted to cut them off in a 
zone-transfer-specific way, i.e. without disrupting normal DNS queries 
or non-DNS forms of intercommunication.

                                                                         
                                                      - Kevin




More information about the bind-users mailing list