mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-15 22:09:31 -04:00
c3d3d12911
Changed the default value for 'allow-transfer' to 'none'; zone transfers now require explicit authorization. Updated all system tests to specify an allow-transfer ACL when needed. Revised the ARM to specify that the default is 'none'.
67 lines
1.3 KiB
Text
67 lines
1.3 KiB
Text
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
// NS2
|
|
|
|
include "../../_common/rndc.key";
|
|
|
|
controls {
|
|
inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
options {
|
|
query-source address 10.53.0.2;
|
|
notify-source 10.53.0.2;
|
|
transfer-source 10.53.0.2;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.2; };
|
|
listen-on-v6 { none; };
|
|
allow-transfer { any; };
|
|
recursion no;
|
|
notify yes;
|
|
notify-delay 0;
|
|
allow-new-zones yes;
|
|
dnssec-validation no;
|
|
};
|
|
|
|
zone "bits" {
|
|
type primary;
|
|
file "bits.db";
|
|
allow-update { any; };
|
|
};
|
|
|
|
zone "retransfer" {
|
|
type primary;
|
|
file "retransfer.db";
|
|
allow-update { any; };
|
|
notify no;
|
|
};
|
|
|
|
zone "nsec3-loop" {
|
|
type primary;
|
|
file "nsec3-loop.db";
|
|
notify no;
|
|
};
|
|
|
|
zone "nokeys" {
|
|
type primary;
|
|
file "nokeys.db";
|
|
allow-update { any; };
|
|
};
|
|
|
|
zone "removedkeys-secondary" {
|
|
type primary;
|
|
file "removedkeys-secondary.db";
|
|
allow-update { any; };
|
|
};
|