Re: Securing zone transfer and DDNS
Aleksander Kurczyk
aleksanderkurczyk at o2.pl
Thu Nov 10 16:19:05 UTC 2011
Thanks everybody for the answers.
I have one more question - how can I block every update for every zone in the options section using update-policy?
logging { ... };
options {
    directory "/var/named";
    dnssec-enable yes;
    recursion yes;
    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };
    allow-update { none; }; <<<<<<<<<<<<<<<<
};
key "rndc-key" { ... };
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
key "transfer-key" { ... };
key "ddns-key" { ... };
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};
zone "my.zone" IN {
    type master;
    file "my.zone";
    allow-transfer { key transfer-key; };
    update-policy {
        grant ddns-key zonesub ANY;
    };
};
--
Regards,
Aleksander Kurczyk
More information about the bind-users mailing list