
over-use of allow-transfer ?: msg#00657

network.dns.bind.user

Subject: over-use of allow-transfer ?

Hello,

Question: In the case shown below, is "allow-transfer" needed in the
options area in named.conf?

Details: In our named.conf file for bind 9, we have the directive
allow-transfer used in the following locations:

1) at the top of named.conf in the "options" setting, after our acl
list. It contains the list of slave DNS servers at our colo;
2) within each zone entry for our "inside" view. It contains the
list of slave DNS servers at our HQ;
3) within each zone entry for our "outside" view. It, too, contains
the list of slave DNS servers at our colo;

Is this overkill? Maybe even a misconfiguration on our part? I mean,
I understand setting allow-transfer for each zone within each view,
but do we need allow-transfer within the options area? I don't want
to remove it because, well, I don't want to break our DNS :)

Does our configuration have the risk that outside slave DNS servers
may be able to zone-transfer our *inside* zones?

Thanks in advance for the clarification(s).
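
The layout described in the post, sketched as a named.conf fragment. This is an added example, not part of the original message or the poster's actual configuration: the ACL names, addresses, zone name and file paths are constructed placeholders.

```conf
// Constructed sketch: ACL names, addresses, zone name and file paths
// are placeholders, not values from the post.
acl "colo-slaves" { 192.0.2.10; 192.0.2.11; };
acl "hq-slaves"   { 10.0.0.10; 10.0.0.11; };
acl "internal"    { 10.0.0.0/8; };

options {
    directory "/var/named";
    // (1) Global setting: applies only to zones that carry no
    // allow-transfer of their own (and whose view sets none).
    allow-transfer { "colo-slaves"; };
};

view "inside" {
    // Views are tried in order; internal sources land here.
    match-clients { "internal"; };

    zone "example.com" {
        type master;
        file "inside/example.com.db";
        // (2) A zone-level list replaces the global list for this
        // zone; the two are not merged.
        allow-transfer { "hq-slaves"; };
    };
};

view "outside" {
    match-clients { any; };

    zone "example.com" {
        type master;
        file "outside/example.com.db";
        // (3) Same list as the global setting, stated explicitly.
        allow-transfer { "colo-slaves"; };
    };
};
```

In this layout the options-level list only takes effect for a zone added later without its own allow-transfer. Setting the options-level value to `{ none; }` makes that fallback deny transfers, and `named-checkconf` validates the file before a reload.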



