[bind9] allow transfer, nameserver-only?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Jan 31 21:54:26 UTC 2006
Helmut Schneider wrote:
>Kevin Darcy (kcd at daimlerchrysler.com) wrote:
>
>
>
>>>I do have ACLs for that but if you maintain a list of zones where the
>>>secondaries are spread over a number of providers it is no fun to
>>>delegate zone transfer for each zone.
>>>
>>>
>>Why limit transfers at all?
>>
>>
>
>Why does bind provide options which are totally useless then?
>
No-one said they were totally useless. allow-transfer might be useful
if, for instance, one particular site is misconfigured as a stealth
slave to the wrong server and you wanted to cut them off in a
zone-transfer-specific way, i.e. without disrupting normal DNS queries
or non-DNS forms of intercommunication.
- Kevin
More information about the bind-users
mailing list