Please re-open bugreport #9634 - Samba Bind DLZ module allows zone transfers for everyone

Amitay Isaacs amitay at
Sun Jun 30 08:24:41 MDT 2013

On Sat, Jun 29, 2013 at 5:03 PM, Kai Blin <kai at> wrote:

> On 28/06/13 20:19, Marc Muehlfeld wrote:
>> Hello,
>> can a developer please re-open the bugreport #9634,? Kai closed it,
>> because the said, that it's a BIND bug and I should contact ISC.
>> But it's not a bug/problem in BIND. I attached the reply from ISC with
>> some information where the problem seems to be located.
> Reopened, and thanks for tracking this.

DLZ module currently allows zone transfers for all existing zones to all
IPs.  To add any access control, we will need to store additional zone
specific information which is not part of AD.  Since this is configurable
for each zone, adding configuration parameters may not be a good idea.
Ideal would be if we can store this information in a tdb file.  Then we can
support more DNS features.

That will also mean we need to create a common library for accessing DNS
information for internal DNS server, BIND DLZ module and DNS RPC server.
Otherwise we will end up creating different implementations (as we have now
for accessing DNS information from AD).


More information about the samba-technical mailing list