[clug] Debian update - Bind config
Rasjid Wilcox
rasjidw at openminddev.net
Sun May 18 20:31:06 EST 2003
Thanks to all who responded. The update went quite smoothly, although I now
have one more resulting question.
Bind was upgraded, and the configuration files all got moved around and
modified automatically. I know almost nothing about Bind, but everything
looked okay, except for the following issue.
The new named.conf had the following lines, that were not in the original
named.conf:
acl "companyxyz" { www.xxx.yyy.zzz; www.xxx.yyy.zzz; }; <-- NEW LINE
and then later in the file:
zone "some.domain" {
type master;
file "/etc/bind/named.some.doman";
allow-transfer { companyxyz; }; <-- NEW LINE
};
The 'acl' and 'allow-transfer' lines were added into the config file during
the upgrade process. I have read through the named.conf man page, and it is
still not obvious to me whether these changes are desirable and should be
left in, or should be commented out. Given that the man page says:
allow-transfer
... If not specified, the default is to allow transfers
from all hosts.
then it looks to me like this is a more secure arrangement, but I'm really
just guessing here. On the other hand, perhaps this is saying to publish
information that was previously not being published, which would be bad.
For the moment I have left them in, on the assumption that the upgrade process
seemed to do everything else right, so lets not interfere unless I know what
I'm dong. :-)
Any insight into this greatly appreciated.
Thanks,
Rasjid.
--
Rasjid Wilcox
Canberra, Australia UTC + 10
http://www.openminddev.net
More information about the linux
mailing list