Re: Securing zone transfer and DDNS

Aleksander Kurczyk Thu, 10 Nov 2011 08:20:48 -0800

Thanks everybody for the answers.
I have one more question - how can I block every update for every zone in 
options section using update-policy?


logging { ... };

options {
        directory "/var/named";
        dnssec-enable yes;
        recursion yes;
        allow-recursion { 127.0.0.1; };
        allow-transfer { none; };
        allow-update { none; }; <<<<<<<<<<<<<<<<
};

key "rndc-key" { ... };

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

key "transfer-key" { ... };

key "ddns-key" { ... };

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

zone "my.zone" IN {
        type master;
        file "my.zone";
        allow-transfer { key transfer-key; };
        update-policy {
                grant ddns-key zonesub ANY;
        };
};

-- 
Pozdrawiam,
Aleksander Kurczyk
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Securing zone transfer and DDNS

Reply via email to