Date: Fri, 24 Sep 2004 10:40:22 -0400
From: mailing lists at MacTutor <lists@mactutor.biz>
To: "Steve Bertrand" <iaccounts@ibctech.ca>
Cc: freebsd-questions-en questions <freebsd-questions@freebsd.org>
Subject: Re: dns-more than I ever wanted to know...
Message-ID: <AA372B6E-0E37-11D9-9D1D-000A95775140@mactutor.biz>
In-Reply-To: <3891.209.167.16.15.1096034259.squirrel@209.167.16.15>
References: <BA89A132-0E2B-11D9-9D1D-000A95775140@mactutor.biz> <3891.209.167.16.15.1096034259.squirrel@209.167.16.15>
Steve,

Thanks a bunch! This is a great help.

I'm not clear on the use of allow-transfer. Reading the manpage for named.conf(5), I'm tempted to leave it out. But, I'm not fully understanding the use of it. The manpage says,

    allow-transfer
        Specifies which hosts are allowed to receive zone transfers
        from the server. allow-transfer may also be specified in the
        zone statement, in which case it overrides the options
        allow-transfer statement. If not specified, the default is to
        allow transfers from all hosts.

I'm taking "which hosts are allowed to receive zone transfers from the server" to mean hosts on my local network and the server is the DNS server I'm setting up now. I don't want my zone information going out to the internet (my isp), but I do want to let it in (of course).

I failed to mention that the machine acting as DNS inside my network is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does it matter which interface I face toward the internet?) Perhaps this doesn't matter as long as the DNS server is pointing to/resolving for the inside (local) network interface (10.0.0.1).

Let me make this more clear. I have the following (typical?) small office setup:

             ---------
                ISP      <--- monopolists
             ----+----
                 |
                 |
                 |
               (vr1)     <--- DHCP'd from ISP
      ----------------------
       FreeBSD 4.10 gateway
      ----------------------
               (vr0)     <--- 10.0.0.1
                 |            DNS,ipfw,natd,httpd
                 |
                 |
      {... local network ...}

So, all this just to clarify allow-transfer. :)

My questions go deeper than DNS. But, I'm trying to figure out the rest myself.

Thanks,

Alex

On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:

> <snip>
> ... and then add a record for a domain.
>
> zone "domain.com" {
>         type master;
>         file "domain.com.zone";
>         allow-transfer { 192.168.0.3; };  // This is your secondary DNS
>         allow-update { none; };
> };
>
> <snip>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Alexander Sendzimir (owner)                     802 863 5502
MacTutor: Apple Mac OS X Consulting        info@mactutor.biz
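Added example, not part of the thread and not BIND's own code: a small Python check that applies the precedence rule from the named.conf(5) text quoted in the message (a zone-level allow-transfer overrides the options statement, and no statement at all means transfers to all hosts) and reports which zones fall back to that open default. The sample config, the zone "example.lan" and every function name are constructed for illustration; the parser is deliberately simplified, and the default of "any" is taken from the quoted manpage, so check it against the manual for the BIND version you run.

```python
import re

# Constructed sample: zone 1 is the example from Steve's reply, zone 2 has no allow-transfer.
SAMPLE = '''
options { directory "/etc/namedb"; };
zone "domain.com" {
    type master;
    file "domain.com.zone";
    allow-transfer { 192.168.0.3; };  // secondary DNS
    allow-update { none; };
};
zone "example.lan" { type master; file "example.lan.zone"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def block_body(text, start):
    """Return the text between the first '{' at/after start and its matching '}'."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def acl_in(body):
    """Entries of an allow-transfer list, or None if absent (no nested lists)."""
    m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def effective_transfer_acls(conf):
    """Map zone name -> (acl, source), resolved in zone > options > default order."""
    conf = strip_comments(conf)
    opt = re.search(r'\boptions\s*\{', conf)
    global_acl = acl_in(block_body(conf, opt.start())) if opt else None
    result = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        zone_acl = acl_in(block_body(conf, z.start()))
        candidates = [(zone_acl, 'zone'), (global_acl, 'options'), (['any'], 'default')]
        result[z.group(1)] = next(c for c in candidates if c[0] is not None)
    return result

def open_zones(conf):
    """Zones whose effective ACL lets any host request a transfer."""
    return sorted(n for n, (acl, _) in effective_transfer_acls(conf).items() if 'any' in acl)
```

On the sample, `open_zones(SAMPLE)` returns only the zone that omits the statement; adding `allow-transfer { none; };` to the options block closes it without changing the zone that names its secondary.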