29 Říj
2014
29 Říj
'14
8:54
Hello Rainer,
outgoing transfers are controlled by the 'xfr-out' zone config option.
AXFR and IXFR are not differentiated when checking permissions. IXFR can be
disabled in per-zone manner only - consult the 'ixfr-from-differences' config
option in our documentation [1].
The config might look like this:
remotes {
customer { address 1.2.3.4; }
slave_server { address 1.1.1.1@53; key key0; }
...
}
zones {
example.com {
#ixfr-from-differences off;
xfr-out slave_server, customer;
notify-out slave_server;
...
}
}
Best regards,
Jan
[1] https://www.knot-dns.cz/static/documentation/html/reference.html
On Wednesday 29 of October 2014 01:26:34 Rainer Duffner wrote:
Hi,
is it possible to allow certain IPs to AXFR all zones?
I need this for our helpdesk, so they can send zonefiles to customers etc.
I don’t want knot to send ixfrs etc. to these IPs.
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users