Steve,

Thanks a bunch! This is a great help. I'm not clear on the use of allow-transfer. Reading the manpage for named.conf(5), I'm tempted to leave it out. But, I'm not fully understanding the use of it. The manpage says,

allow-transfer
  Specifies which hosts are allowed to receive zone transfers from the
  server.  allow-transfer may also be specified in the zone statement,
  in which case it overrides the options allow-transfer statement.  If
  not specified, the default is to allow transfers from all hosts.

I'm taking "which hosts are allowed to receive zone transfers from the server" to mean hosts on my local network and the server is the DNS server I'm setting up now. I don't want my zone information going out to the internet (my ISP), but I do want to let it in (of course). I failed to mention that the machine acting as DNS inside my network is/will be configured as a gateway. (QUESTION: I have vr0 and vr1. Does it matter which interface I face toward the internet?) Perhaps this doesn't matter as long as the DNS server is pointing to/resolving for the inside (local) network interface (10.0.0.1). Let me make this more clear. I have the following (typical?) small office setup:

         ---------
            ISP                <--- monopolists
         ----+----
             |
             |
             |
           (vr1)               <--- DHCP'd from ISP
    ----------------------
     FreeBSD 4.10 gateway
    ----------------------
           (vr0)               <--- 10.0.0.1
             |                      DNS,ipfw,natd,httpd
             |
             |
   {... local network ...}

So, all this just to clarify allow-transfer. :) My questions go deeper than DNS. But, I'm trying to figure out the rest myself.

Thanks,

Alex


On Sep 24, 2004, at 9:57 AM, Steve Bertrand wrote:

<snip>
... and then add a record for a domain.

zone "domain.com" {
        type master;
        file "domain.com.zone";
        allow-transfer { 192.168.0.3; }; // This is your secondary DNS
        allow-update { none; };
};

<snip>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Alexander Sendzimir (owner)                    802 863 5502
 MacTutor: Apple Mac OS X Consulting       [EMAIL PROTECTED]

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
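
The rule in the man page text quoted above (a zone's allow-transfer overrides the one in options, and with neither set every host may transfer), as an added example that is not part of the original thread: a small Python checker that reports the effective transfer list for each zone in a named.conf. The "office.lan" zone, the function names, and the use of BIND's `any` keyword to mark the all-hosts default are assumptions of this example.

```python
import re

# Constructed sample: the thread's zone plus a hypothetical zone with no allow-transfer.
SAMPLE_CONF = '''options { directory "/etc/namedb"; };
zone "domain.com" {
        type master; file "domain.com.zone";
        allow-transfer { 192.168.0.3; }; // This is your secondary DNS
        allow-update { none; };
};
zone "office.lan" { type master; file "office.lan.zone"; };
'''
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def tokens(text):
    """Split named.conf text into tokens, dropping comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith(('/*', '//', '#'))]

def top_level_blocks(toks):
    """Yield (header, body) token lists for each top-level `header { body };`."""
    depth, start = 0, 0
    for i, t in enumerate(toks):
        if t == '{':
            if depth == 0:
                header, body_start = toks[start:i], i + 1
            depth += 1
        elif t == '}':
            depth -= 1
            if depth == 0:
                yield header, toks[body_start:i]
        elif t == ';' and depth == 0:
            start = i + 1

def acl_of(body):
    """Hosts in this block's own allow-transfer statement, or None if absent."""
    if 'allow-transfer' not in body:
        return None
    i = body.index('allow-transfer')
    return [t for t in body[i + 2:body.index('}', i)] if t != ';']

def effective_transfer_acls(conf):
    """Zone name -> transfer list: zone statement, else options, else all hosts ('any')."""
    global_acl, zones = None, {}
    for header, body in top_level_blocks(tokens(conf)):
        if header[:1] == ['options']:
            global_acl = acl_of(body)
        elif header[:1] == ['zone'] and len(header) > 1:
            zones[header[1].strip('"')] = acl_of(body)
    default = global_acl if global_acl is not None else ['any']
    return {z: default if a is None else a for z, a in zones.items()}
```

On the sample, domain.com is limited to 192.168.0.3 while office.lan falls through to the all-hosts default; adding `allow-transfer { none; };` to the options block closes office.lan without affecting the secondary listed for domain.com.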
