I have searched the internet for this answer, but to
have not been able to find one.
What is the proper syntax for "allow-transfer { lan;
}" to do updates using my RNDC key? Per my example
below, it does allow it but when I start named, I get
an error that allowing update via IP address is
insecure.
Thanks for your help.
// Define address range for the local domain.
acl lan {
192.168.100/24;
127.0.0.0/24;
};
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers
you want
* to talk to, you might need to uncomment the
query-source
* directive below. Previous versions of BIND always
asked
* questions using port 53, but BIND 8.1 uses an
unprivileged
* port by default.
*/
// query-source address * port 53;
// Only allow queries and listen from the local
domain.
allow-query { lan; };
allow-recursion { lan; };
allow-transfer { lan; };
listen-on {
127.0.0.1;
192.168.100.1;
};
};
// Top Level domain name servers.
zone "." IN {
type hint;
file "named.ca";
};
// Localhost Zones
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { lan; };
};
// Provide a reverse lookup for the loopback address
127.0.0.1
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { lan; };
};
// Home network zone.
zone "mylan.lan" IN {
type master;
file "named.mylan";
notify no;
allow-update { lan; };
};
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
