Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Actually I don't think there's any need to allow transfers to anyone OTHER than T1/T2 servers, but you'll need to create an ACL for that list.  However, the only information contained in the zone file is the hostname and IP address - the same info that is presented on the wiki page, so allowing an axfr in this case does not disclose any information that was not already publicly available.


On 12/29/2010 05:38 PM, Larry Brower wrote:

Wouldn't it be better to use tsig keys as opposed to allowing anyone to do axfr?


Connected by MOTOBLUR™ on T-Mobile

-----Original message-----

From: Julian De Marchi <julian AT jdcomputers.com.au>
To: OpenNIC discussion <discuss AT lists.opennicproject.org>
Sent: Wed, Dec 29, 2010 16:54:28 CST
Subject: [opennic-discuss] New T2 Server Config

Heya--

OpenNIC has a requirement that all T2 servers slavethe
dns.opennic.glue domain. This is to fix some issues that are occuring
when this domain is not slaved.

The original idea was from Avo, but I never had a chance to update the
required documentation.

Add this into your config;

zone "dns.opennic.glue" {
type slave;
file "/etc/bind/zones/slaves/db.dns.opennic";
masters { [server IP number]; [server IP number]; [server IP
number]; };
notify no;
allow-transfer { any; };
};

Sorry for the late info. All documentation for bind has been updated.
Can someone please visit http://wiki.opennic.glue/Tier2ServerConfig
and update the config for other breeds of DNS servers?

--julian
_______________________________________________
discuss mailing list
discuss AT lists.opennicproject.org
http://lists.darkdna.net/mailman/listinfo/discuss

_______________________________________________
discuss mailing list
discuss AT lists.opennicproject.org
http://lists.darkdna.net/mailman/listinfo/discuss