Securing zone transfer and DDNS

Jan-Piet Mens jpmens.dns at
Mon Nov 7 14:59:34 UTC 2011

> Bind version is: 9.7.4

Upgrade; 9.8.1 is current. (In addition, you're reading a book called
BIND 10 -- even though the book doesn't once mention that software!)

> Maybe this is a stupid question but what is ARM?

BIND 9 Administrator Reference Manual. It is provided in multiple
formats within the BIND source distribution. (doc/arm/*)


I assume what you probably want to do is something like this:

        key "my.key" {
                algorithm HMAC-MD5;
                secret "xxxx";
        key "my.key2" {

        acl xferkey {
                key my.key2;

        zone "" IN {
                type master;
                file "";
                allow-update {
                        key "my.key";
                allow-transfer {

Create your keys with the dnssec-keygen utility (check its manual page).

Instead of allow-update, I'd like to suggest you read up on the `grant'
statement which allows a much finer granularity on DDNS.


More information about the bind-users mailing list