Samba 4 internal DNS question
Marc Muehlfeld
samba at marc-muehlfeld.de
Mon Feb 4 14:17:12 MST 2013
Am 04.02.2013 22:10, schrieb Marc Muehlfeld:
> After I tried that against my samba DC I wondered, that every host can start a
> zone transfer. On all my other zones I have configured, that transfers are
> only allowed from slave servers.
>
> I tried adding "allow-transfer { 192.168.29.4; };" to
> /usr/local/samba/private/named.conf, that was generated during provision. But
> then named don't start any more.
I forgot to say, that I also have the global option
options {
...
allow-transfer { none; };
...
};
in my named.conf. But then the Bind DLZ module doesn't respect this, or do I
miss something?
> Is there a special reason that everyone have to be able to start a zone
> transfer against the samba domain?
>
> Wouldn't it be better for security reasons to disable zone transfers per default?
Regards,
Marc
More information about the samba-technical
mailing list