dns-more than I ever wanted to know...

mailing lists at MacTutor lists at mactutor.biz
Fri Sep 24 07:40:32 PDT 2004


Steve,

Thanks a bunch! This is a great help. I'm not clear on the use of 
allow-transfer. Reading the manpage for named.conf(5), I'm tempted to 
leave it out. But, I'm not fully understanding the use of it. The 
manpage says,

allow-transfer
   Specifies which hosts are allowed to receive zone transfers from the
   server.  allow-transfer may also be specified in the zone statement,
   in which case it overrides the options allow-transfer statement.  If
   not specified, the default is to allow transfers from all hosts.

I'm taking "which hosts are allowed to receive zone transfers from the 
server" to mean hosts on my local network and the server is the DNS 
server I'm setting up now. I don't want my zone information going out 
to the internet (my ISP), but I do want to let it in (of course). I 
failed to mention that the machine acting as DNS inside my network 
is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does 
it matter which interface I face toward the internet?) Perhaps this 
doesn't matter as long as the DNS server is pointing to/resolving for 
the inside (local) network interface (10.0.0.1). Let me make this more 
clear. I have the following (typical?) small office setup:

          ---------
             ISP                <--- monopolists
          ----+----
              |
              |
              |
            (vr1)               <--- DHCP'd from ISP
     ----------------------
      FreeBSD 4.10 gateway
     ----------------------
            (vr0)               <--- 10.0.0.1
              |                      DNS,ipfw,natd,httpd
              |
              |
    {... local network ...}

So, all this just to clarify allow-transfer. :) My questions go deeper 
than DNS. But, I'm trying to figure out the rest myself.

Thanks,

Alex


On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:

> <snip>
> ... and then add a record for a domain.
>
> zone "domain.com" {
>         type master;
>         file "domain.com.zone";
>         allow-transfer { 192.168.0.3; }; // This is your secondary DNS
>         allow-update { none; };
> };
>
> <snip>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Alexander Sendzimir (owner)                    802 863 5502
  MacTutor: Apple Mac OS X Consulting       info at mactutor.biz
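
An added example, not part of the original message or of BIND itself: Python that applies the precedence rule from the manpage text quoted above (a zone's allow-transfer overrides the options one; no statement anywhere means all hosts) and reports the effective list for each zone in a named.conf. The sample config, the reverse zone, the /etc/namedb path and the function names are constructed for illustration; the parser assumes a single file with no `include` statements or `view` blocks.

```python
import re

# Constructed sample: the zone from the quoted reply plus a hypothetical
# reverse zone that carries no allow-transfer of its own.
SAMPLE = '''
options {
        directory "/etc/namedb";
        allow-transfer { none; };   // deny unless a zone overrides
};
zone "domain.com" {
        type master;
        file "domain.com.zone";
        allow-transfer { 192.168.0.3; }; // This is your secondary DNS
        allow-update { none; };
};
zone "0.0.10.in-addr.arpa" {
        type master;
        file "10.0.0.rev";
};
'''

def _block(text, start):
    """Body of the brace block whose '{' sits at index start."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def _acl(body):
    """Entries of allow-transfer in a block body, or None when absent."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if not m:
        return None
    return [e.strip() for e in _block(body, m.end() - 1).split(";") if e.strip()]

def effective_transfer_acls(conf):
    """Map each zone name to the allow-transfer list that applies to it."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # // and # comments
    opt = re.search(r"\boptions\s*\{", conf)
    inherited = _acl(_block(conf, opt.end() - 1)) if opt else None
    acls = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        own = _acl(_block(conf, z.end() - 1))       # zone statement wins
        acl = own if own is not None else inherited
        acls[z.group(1)] = acl if acl is not None else ["any"]  # manpage default
    return acls
```

Calling `effective_transfer_acls(SAMPLE)` shows the reverse zone inheriting `none` from options; remove the options line and the same zone falls back to `any`, which is the case the manpage default describes.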



More information about the freebsd-questions mailing list