On Apr 14 2009, Jonathan Petersson wrote:
I was reading up on TSIG signed zone-transfers and gave it a try in my
lab this morning, successfully. However what I noticed (which makes
sense based on my config) is that any host with the appropriate key is
allowed to perform a zone-transfer.
Is there any way to limit the zone-transfer to require both key and
known IP using allow-transfer?
Yup. Use
allow-transfer { !{!11.22.33.44}; key secret-key; };
Now sit down with a cold, cold drink and puzzle out why that works!
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
