Does "allow-transfer" work properly?

Mark Andrews Mark_Andrews at isc.org
Thu Oct 5 00:30:52 UTC 2006


> Hi guys,
> 
> I have a nameserver with the IP address = 15.113.159.60 and the following
> named.conf
> 
> ## named.conf - configuration for bind
> #
> # Generated automatically by bindconf, alchemist et al.
> controls {
>          inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> 
> include "/etc/rndc.key";
> 
> options {
>          directory "/var/named/";
> };
> 
> [CUT]
> 
> zone "rcs.xt" {
>          type slave;
>          file "rcs.xt.zone";
>          masters { 112.124.16.162; };
>          allow-transfer { 15.113.159.60; };
> };
> 
> 
> I didn't write the named.conf but it seems to me that the master can allow
> transfers only from itself. Obviously it's not required to ask the zone
> rcs.xt from itself but from the master. That rule applies just for that
> zone. The others can be pulled by anyone (ok it's not secure and I'm about
> to put a full stop to this behavior). For me the rule written above doesn't
> make sense.
> 
> Then, there is another server that acts as total backup for all the zones of
> 15.113.159.60 (including rcs.xt).
> What's weird to me is that the second one always gets an updated list of the
> zone even if it shouldn't! (I check it by looking at the timestamp of the
> file on the second server.) I didn't check by adding or removing hosts in
> that zone on 112.124.16.162.
> BTW I can not access 112.124.16.162.

	It reflects the last successful refresh query *or* the last transfer
	time.  The only way to test if zone transfers work is to force a
	zone transfer either by updating the serial number or by manually
	performing the transfer.
 
> Am I using the wrong method to see if "allow-transfer" does its job properly 
> or is there anything I'm missing?
> 
> TIA
> 
> Alex.
> 
> 
--
ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP.  Email training at isc.org.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
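
Added example (not part of the original message and not ISC code): one way to perform the transfer manually, as the reply suggests, and read the result. It assumes `dig` is installed; `check_axfr` and `classify_axfr` are hypothetical helper names, and the sample outputs are constructed. Because allow-transfer matches on the requester's address, run it once from a host that should be refused and once from one that should be allowed.

```shell
#!/bin/sh
# Classify dig AXFR output read on stdin:
#   allowed      - a complete transfer (SOA seen at start and end)
#   refused      - dig reported "; Transfer failed."
#   inconclusive - timeout, unreachable server, or anything else
classify_axfr() {
    awk '
        /^;.*Transfer failed/ { failed = 1 }
        # Answer lines look like: name ttl IN SOA ...
        !/^;/ && $3 == "IN" && $4 == "SOA" { soa++ }
        END {
            if (failed)        print "refused"
            else if (soa >= 2) print "allowed"
            else               print "inconclusive"
        }'
}

# check_axfr SERVER ZONE [SOURCE_ADDR]
# Requests the zone from SERVER; SOURCE_ADDR (dig -b) selects which local
# address the request comes from, which is what allow-transfer matches on.
check_axfr() {
    if [ -n "${3:-}" ]; then
        dig @"$1" "$2" AXFR +time=5 +tries=1 -b "$3" 2>&1 | classify_axfr
    else
        dig @"$1" "$2" AXFR +time=5 +tries=1 2>&1 | classify_axfr
    fi
}

# Constructed sample outputs (not captured from the servers in this thread).
SAMPLE_ALLOWED='example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2006100501 3600 900 604800 3600
example.test. 3600 IN NS ns1.example.test.
ns1.example.test. 3600 IN A 192.0.2.53
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2006100501 3600 900 604800 3600'
SAMPLE_REFUSED='; Transfer failed.'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Usage against the server in the thread, run from the backup host:
#   check_axfr 15.113.159.60 rcs.xt
```

A "refused" result from the backup host would show that the allow-transfer line is being enforced; "allowed" would show that it is not.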


