diff b/w allow-update and allow-transfer ?

 
Maaz
Valued Contributor

Software: BIND 9.x

Hello Dear Gurus

Let me know the difference between allow-update and allow-transfer.

zone "test.com" IN {
    type master;
    file "test.com.frwd";
    allow-update { slave server's ip; };
};

zone "example.com" IN {
    type master;
    file "example.com.frwd";
    allow-transfer { slave server's ip; };
};
Sergejs Svitnevs
Honored Contributor
Solution

Re: diff b/w allow-update and allow-transfer ?

allow-transfer - specifies which slave (or master) hosts are allowed to receive zone transfers from this server.

allow-update - specifies which hosts are allowed to submit Dynamic DNS updates (not whole zone!!) to the server.

Regards,
Sergejs
Maaz
Valued Contributor

Re: diff b/w allow-update and allow-transfer ?

Dear Sergejs Svitnevs, I'm highly thankful to you for such a prompt help/reply.

I'm really shocked/amazed. I have a master and a slave DNS server, and instead of 'allow-transfer {slave's ip;};' I'm using 'allow-update { slave's ip; };'. And amazingly my slave server is working fine: every record I add in the master's zone file will be automatically incremented in the slave server as well, although I'm using "allow-update" instead of "allow-transfer" in the master server's /etc/named.conf.

master's /etc/named.conf
zone "test.com" IN {
type master;
file "test.com.frwd";
allow-update { slave's ip;}; // see my mistake
};

slave's /etc/named.conf
zone "test.com" IN {
type slave;
file "test.com.frwd";
masters { master's ip;};
};

So if I should/must use allow-transfer in the master to update/sync the slave, then why is allow-update working in place of allow-transfer?

Thanks and Regards
Maaz
kcpant
Trusted Contributor

Re: diff b/w allow-update and allow-transfer ?

Dear Maaz,

(I follow your threads :) ) This is happening because the allow-transfer option is on by default; you only need to use the allow-transfer option when you want to explicitly define which slave servers will get a zone transfer and which others will not. Right now allow-transfer is on for all slave servers, and all slave servers will be allowed to get a zone transfer.

The second thing I want to tell you is: do not use the allow-update option unless you really need it, because it has some security risks.
PreSales Specialist
Sergejs Svitnevs
Honored Contributor

Re: diff b/w allow-update and allow-transfer ?

Because the default behaviour is to allow zone transfers to any host. You should prevent unauthorized zone transfer.

Check out the following link:
http://www.oreilly.com/catalog/dns4/chapter/ch11.html

Regards,
Sergejs
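
An audit sketch for the situation the replies above describe (an added example, not part of any post in this thread): it flags master zones in a named.conf that set no allow-transfer restriction, which the replies say defaults to any host, and zones that accept dynamic updates by address. The address 192.0.2.2, the sample config and the function names are assumptions; the parser is simplified and does not resolve `view` blocks or named `acl` references.

```python
import re

# Constructed sample: the question's two zones, 192.0.2.2 standing in for the slave.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "test.com" IN {
    type master;
    file "test.com.frwd";
    allow-update { 192.0.2.2; };    // no allow-transfer statement
};
zone "example.com" IN {
    type master;
    file "example.com.frwd";
    allow-transfer { 192.0.2.2; };
};
'''

def blocks(text, keyword):
    """Yield (name, body) for every `keyword ["name"] ... { body }` block."""
    for m in re.finditer(r'\b%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def acl(body, option):
    """Address-match list set for `option` in body, or None if it is absent."""
    m = re.search(r'(?<![\w-])%s\s*\{([^}]*)\}' % re.escape(option), body)
    return m and [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Return (zone, finding) pairs for master zones in a named.conf string."""
    text = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # comments
    inherited = next((acl(b, 'allow-transfer') for _, b in blocks(text, 'options')), None)
    findings = []
    for name, body in blocks(text, 'zone'):
        if not re.search(r'\btype\s+(master|primary)\b', body):
            continue
        xfer = acl(body, 'allow-transfer')
        xfer = inherited if xfer is None else xfer   # zone setting wins over options
        if not xfer or 'any' in xfer:           # unset means the default applies
            findings.append((name, 'zone transfers not restricted'))
        upd = acl(body, 'allow-update')
        if upd and upd != ['none']:
            findings.append((name, 'dynamic updates accepted from ' + ', '.join(upd)))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE_CONF), sep='\n')
```

On the sample, test.com is reported twice (unrestricted transfers and address-based updates), while example.com, which names its slave in allow-transfer, is not reported.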
Maaz
Valued Contributor

Re: diff b/w allow-update and allow-transfer ?

Dear kcpant and Sergejs Svitnevs, you guys are great. Many thanks for the feedback/support.

Many Thanks
Regards
Maaz