Re: bind9 and AXFR/allow-transfer
On Wed, Sep 10, 2003 at 11:35:58AM -0700, Mark Ferlatte wrote:
> moseley@hank.org said on Wed, Sep 10, 2003 at 09:22:15AM -0700:
> > I know I can use ACLs to set up what hosts can AXFR with allow-transfer,
> > but I'm wondering if there is a way to only allow transfers to hosts
> > specified as NS in the zone. That would avoid having to update the
> > bind conf file if a zone's NS records change. Is that possible in
> > Bind9?
>
> Not directly.

I should ask on the bind list, but I wonder why that's not an option.
Seems like a logical way to limit AXFRs and very easy to manage since it
would look at the NS of the zone -- no extra config changes when NS
records change. Likely there's something obvious that I'm not seeing,
though.

I'm also not clear if there's any security risk by allowing AXFRs to
all.

--
Bill Moseley
moseley@hank.org
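Added example, not part of the original thread and not BIND's own code: since allow-transfer cannot follow the NS set directly, one workaround is to generate the ACL from the zone data whenever the zone changes. The sketch below reads a zone file, collects the apex NS names, maps them to their in-zone A/AAAA records and renders a named.conf acl block. The sample zone, the ACL name "zone-ns" and the function names are constructed for illustration; it assumes the file has a $ORIGIN line and that secondaries pull transfers from the addresses in their address records.

```python
import ipaddress

# Constructed sample zone (documentation address ranges); not from the thread.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
@      IN NS  ns1.example.com.
@      IN NS  ns2
@      IN NS  ns.offsite.example.net.
ns1    IN A    192.0.2.1
ns2    IN A    192.0.2.2
ns2    IN AAAA 2001:db8::2
www    IN A    192.0.2.80
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def ns_addresses(zone_text):
    """Return (addresses of apex NS hosts, NS names with no address in this zone).

    Simplified parser: one-line records with an explicit owner; TTL and class are dropped.
    """
    origin, ns_names, addrs = ".", [], {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()      # strip comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        owner, rtype, rdata = fqdn(fields[0], origin), rest[0].upper(), rest[1]
        if rtype == "NS" and owner == origin:    # only the zone's own NS set
            ns_names.append(fqdn(rdata, origin))
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    hits = {a for n in ns_names for a in addrs.get(n, [])}
    unresolved = [n for n in ns_names if n not in addrs]   # need a lookup elsewhere
    return sorted(hits, key=lambda a: (a.version, a)), unresolved

def render_acl(acl_name, allowed):
    """Render an acl block; the zone then uses allow-transfer { "acl_name"; };"""
    return f'acl "{acl_name}" {{\n' + "".join(f"    {a};\n" for a in allowed) + "};\n"

if __name__ == "__main__":
    print(render_acl("zone-ns", ns_addresses(SAMPLE_ZONE)[0]))
```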