
Re: bind9 and AXFR/allow-transfer



On Wed, Sep 10, 2003 at 11:35:58AM -0700, Mark Ferlatte wrote:
> moseley@hank.org said on Wed, Sep 10, 2003 at 09:22:15AM -0700:
> > I know I can use ACLs to set up what hosts can AXFR with allow-transfer, 
> > but I'm wondering if there is a way to only allow transfers to hosts 
> > specified as NS in the zone.  That would avoid having to update the 
> > bind conf file if a zone's NS records change.  Is that possible in 
> > Bind9?
> 
> Not directly.

I should ask on the bind list, but I wonder why that's not an option. 
Seems like a logical way to limit AXFRs and very easy to manage since it
would look at the NS of the zone -- no extra config changes when NS
records change.  Likely there's something obvious that I'm not seeing, 
though.

I'm also not clear if there's any security risk by allowing AXFRs to 
all.




-- 
Bill Moseley
moseley@hank.org
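
Added example, not part of the original message and not BIND's own code: since allow-transfer cannot follow the zone's NS set by itself, one way to avoid hand-editing is to generate the ACL from the zone data and include it in the configuration. The helper names, the ACL name, the sample zone and the simplified one-record-per-line zone format are assumptions; NS targets with no address records in the zone are returned as unresolved instead of being guessed.

```python
import ipaddress

# Constructed sample zone; names and addresses are documentation values.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@     3600 IN SOA  ns1 hostmaster 2003091001 7200 900 1209600 3600
@     3600 IN NS   ns1
@     3600 IN NS   ns2.example.com.
@     3600 IN NS   ns.backup.example.net.
sub   3600 IN NS   ns.other.example.org.   ; delegation, not an apex NS
ns1   3600 IN A    192.0.2.53
ns2   3600 IN A    198.51.100.53
ns2   3600 IN AAAA 2001:db8::53
www   3600 IN A    192.0.2.80
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin (hypothetical helper)."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def ns_transfer_acl(zone_text, acl_name="zone-ns"):
    """Return (acl_text, unresolved_ns_names) for the zone's apex NS set.

    Assumes '$ORIGIN' precedes the records and each record is on one line
    as 'owner ttl IN type rdata'.
    """
    origin, ns_names, addrs = "", [], {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()          # drop comments
        if len(fields) >= 2 and fields[0] == "$ORIGIN":
            origin = fields[1].lower()
        elif "IN" in fields and len(fields) >= fields.index("IN") + 3:
            i = fields.index("IN")
            owner, rtype, rdata = fqdn(fields[0], origin), fields[i + 1], fields[i + 2]
            if rtype == "NS" and owner == origin:    # apex NS only, skip delegations
                ns_names.append(fqdn(rdata, origin))
            elif rtype in ("A", "AAAA"):             # ip_address() rejects bad rdata
                addrs.setdefault(owner, []).append(str(ipaddress.ip_address(rdata)))
    allowed = sorted({a for n in ns_names for a in addrs.get(n, [])})
    unresolved = [n for n in ns_names if n not in addrs]
    body = "".join(f"    {a};\n" for a in allowed)
    return f'acl "{acl_name}" {{\n{body}}};\n', unresolved

if __name__ == "__main__":
    acl, missing = ns_transfer_acl(SAMPLE_ZONE)
    print(acl)
    print("NS names with no address in the zone:", missing)
```

The generated block is referenced from the zone statement as `allow-transfer { "zone-ns"; };`, and it has to be regenerated and the server reloaded whenever the NS set changes.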


