List: bind9-users
Subject: Re: TSIG last question
From: Mark_Andrews () isc ! org
Date: 2002-06-25 14:28:30
> This was of great help. Another individual sent me to a web site with a
> course PDF that explained this in great detail.
>
> One thing I need clarified though:
>
> Currently, I have 1 primary and 2 slaves. Zone transfers/updates using
> normal methods are working nicely now (again thanks to help from people here).
>
> However, while reading the Bind book, it states that the slaves should not
> allow transfers....and I agree with this statement!

allow-transfer values is a policy decision. There is nothing
inherently wrong with allowing everyone to transfer a zone.

> So, in my named.conf on the slaves:
>
> zone "bar.com" {
>     type slave;
>     file "/zones/db.bar.com";
>     masters { 1.2.3.4; };
>     allow-transfer { none; };
> };
>
> The above example of TSIG seems to go against what is recommended :
>
> zone example {
>     type slave;
>     file "example";
>     masters { 10.0.0.1; };
>     allow-transfer { key example.key; };
> };
>
>
> I just want to verify that this must be the case (so it seems).

Using the *same* allow-transfer acl does not change who
can transfer the zone (firewalled masters aside).

> Thanx to all who responded. I really appreciate it!
>
> Jeff
>
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org
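
Added example, not part of the original message or of BIND: a small Python check that compares the zone-level allow-transfer lists in a master's and a slave's named.conf, reporting whether the slave uses the same list as the master (the case the reply describes), refuses transfers, or differs. The function names and the sample master config are constructed for illustration; the slave stanzas are the two quoted above.

```python
import re

# Quoted strings are matched first so "#" or "//" inside them is not read as a comment.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def zone_policies(conf):
    """Map zone name -> frozenset of allow-transfer elements (None if the zone sets none).
    Assumes flat address match lists (no nested { } inside allow-transfer)."""
    conf = _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)
    zones = {}
    for m in re.finditer(r'\bzone\s+"?([^\s"{;]+)"?[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:      # walk to the zone's closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        acl = re.search(r"\ballow-transfer\b[^{;]*\{([^{}]*)\}", conf[m.end():i - 1])
        zones[m.group(1).rstrip(".").lower()] = None if acl is None else frozenset(
            " ".join(e.split()) for e in acl.group(1).split(";") if e.strip())
    return zones

def compare(master_conf, slave_conf):
    """Classify each zone present in both configs by the slave's allow-transfer list."""
    master, slave = zone_policies(master_conf), zone_policies(slave_conf)
    result = {}
    for zone in sorted(master.keys() & slave.keys()):
        if slave[zone] is None:
            result[zone] = "unset"           # options/view level or the default applies
        elif slave[zone] == master[zone]:
            result[zone] = "same-as-master"  # same set of clients as the master allows
        elif slave[zone] == {"none"}:
            result[zone] = "none"            # slave refuses all transfers
        else:
            result[zone] = "differs"         # review: may be wider than the master
    return result

# Constructed sample input; 192.0.2.x are documentation addresses.
MASTER = '''
zone "bar.com" { type master; file "db.bar.com"; allow-transfer { 192.0.2.2; 192.0.2.3; }; };
zone example { type master; file "example"; allow-transfer { key example.key; }; };
'''
SLAVE = '''
zone "bar.com" { type slave; file "/zones/db.bar.com"; masters { 1.2.3.4; };
    allow-transfer { none; }; };
zone example { type slave; file "example"; masters { 10.0.0.1; };
    allow-transfer { key example.key; }; };
'''

if __name__ == "__main__":
    for zone, status in compare(MASTER, SLAVE).items():
        print(f"{zone}: {status}")
```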