Limit allow-transfer to key + IP
Jonathan Petersson
jpetersson at garnser.se
Tue Apr 14 19:32:48 UTC 2009
Thanks!
/Jonathan
On Tue, Apr 14, 2009 at 12:28 PM, Chris Thompson <cet1 at cam.ac.uk> wrote:
> On Apr 14 2009, Jonathan Petersson wrote:
>
>> I was reading up on TSIG signed zone-transfers and gave it a try in my
>> lab this morning, successfully. However what I noticed (which makes
>> sense based on my config) is that any host with the appropriate key is
>> allowed to perform a zone-transfer.
>>
>> Is there any way to limit the zone-transfer to require both key and
>> known IP using allow-transfer?
>
> Yup. Use
>
> allow-transfer { !{!11.22.33.44}; key secret-key; };
>
> Now sit down with a cold, cold drink and puzzle out why that works!
>
> --
> Chris Thompson
> Email: cet1 at cam.ac.uk
>
>
More information about the bind-users
mailing list