is there a also-allow-transfer

Feng He fenghe at nsbeta.info
Thu Dec 13 09:09:37 UTC 2012


Thanks.

So how to handle the case described as below?

We already have the also-notify{} section in the global options{} block.

But for a special zone, just want to include another IP to also-notify
besides the global IPs.




于 2012-12-13 17:00, Sten Carlsen 写道:
> 
> On 13/12/12 9:46, Feng He wrote:
>> Hello Mark,
>>
>> My named.conf looks as:
>>
>> acl "NAMESVR" { 74.81.81.82; };
> NAMESVR is an acl, it could look like {74.81.0.0/16} or {any}
> 
> Essentially it is a kind of bitmask, not a list of IPs.
>>
>> options {
>>        directory "/var/cache/bind";
>>        recursion no;
>>        version "unknown";
>>        allow-transfer { NAMESVR; };
>>        also-notify { NAMESVR; };
> All notifys must have a list of IPs, if the acl was any, you would have 
> to notify the full internet. The mechanism is designed to accept only a 
> list of IPs. It can not accept an acl.
>>        allow-update { 127.0.0.1; };
>> };
>>
>>
>> # zone begins
>> zone "test.com" {
>>        type master;
>>        file "/var/cache/bind/test.com.db";
>>        allow-transfer { NAMESVR; 74.81.81.81; };
>>        also-notify { NAMESVR; 74.81.81.81; };
>> };
>>
>>
>> When I run named-checkconf I got the error:
>>
>> # named-checkconf
>> /etc/bind/named.conf:8: expected IP address near 'NAMESVR'
>>
>> Please help. Thanks.
>>
>>
>>
>>
>> 于 2012-12-13 15:23, Mark Andrews 写道:
>>> In message<50C9818E.2060303 at nsbeta.info>, Feng He writes:
>>>> Hello,
>>>>
>>>> I have the allow-transfer{} section in the global options{} block.
>>>>
>>>> But for a special zone, I want to include another IP to allow transfer
>>>> besides the global IPs.
>>>>
>>>> Is there a also-allow-transfer option in BIND?
>>>> If not how to control this?
>>> acl xxx { };
>>>
>>> options {
>>> 	allow-transfer { xxx; };
>>> };
>>>
>>> zone "yyy" {
>>> 	allow-transfer { xxx; extra; };
>>> };
>>>
>>>> Thanks.




More information about the bind-users mailing list