DNS HOWTO : Basic security options. : Restricting zone transfers

6.1. Restricting zone transfers

In order for your slave server(s) to be able to answer queries about your domain, they must be able to transfer the zone information from your primary server. Very few others have a need to do so. Therefore, restrict zone transfers with the allow-transfer option. The example below assumes 192.168.1.4 is the IP address of ns.friend.bogus, and adds yourself (localhost) for debugging purposes:


zone "freebsd.bogus" {
      // Only ns.friend.bogus (192.168.1.4) and this host may transfer the zone.
      allow-transfer { 192.168.1.4; localhost; };
};

By restricting zone transfers you ensure that the only information available to people is that which they ask for directly - no one can just ask for all the details about your set-up.
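
To check that every zone actually carries such a restriction, the following added example (not part of the original HOWTO) scans named.conf text and reports zones that have no allow-transfer of their own or that list "any". The sample configuration is constructed, and the zones open.bogus and any.bogus and the file paths are hypothetical. It assumes no comment markers inside quoted strings and does not consider an allow-transfer set in the options block.

```python
import re

# Constructed sample named.conf; only the first zone mirrors the HOWTO.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "freebsd.bogus" {
      type master;
      allow-transfer { 192.168.1.4; localhost; };
};
// zone with no restriction of its own (hypothetical)
zone "open.bogus" { type master; file "pz/open.bogus"; };
zone "any.bogus" {
      type master;
      allow-transfer { any; };   # explicitly open to everyone
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (assumes none occur inside strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, matching braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return {zone: finding} for zones whose transfers are not restricted."""
    findings = {}
    for name, body in zone_blocks(strip_comments(conf)):
        m = re.search(r'allow-transfer[^{;]*\{([^}]*)\}', body)
        if m is None:
            findings[name] = 'no allow-transfer in zone'
        elif 'any' in [e.strip() for e in m.group(1).split(';')]:
            findings[name] = 'allow-transfer includes any'
    return findings

if __name__ == '__main__':
    for zone, why in audit(SAMPLE_CONF).items():
        print(f'{zone}: {why}')
```
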

