What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24 network?

Answer: allowtransfer {

Explanation:
192.168.1.0/24; };




Micha

allow-transfer {…;};

S-LE

too see question 60

krazhor

The correct answer is allow-transfer {192.168.1.0/24; };

allow-transfer defines a match list of IP address(es) that are allowed to transfer (copy) the zone information from the server (master or slave for the zone).

Restricting zone transfers

In order for your slave server(s) to be able to answer queries about your domain, they must be able to transfer the zone information from your primary server. Therefore restrict zone transfers using the allow-transfer option, assuming 192.168.1.4 is the IP address of ns.example.org and adding yourself for debugging purposes:

zone "example.org" {
    allow-transfer { 192.168.1.4; localhost; };
};

By restricting zone transfers you ensure that the only information available to people is that which they ask for directly – no one can just ask for all the details about your set-up.

———————————————————————–
-The question 60 is a different question, for example

Queries – statements controlling query behavior
Transfer – statements controlling zone transfer and DNS behavior

allow-query defines a match list of IP address(es) which are allowed to issue queries to the server. If not specified all hosts are allowed to make queries (defaults to allow-query {any;};).

Another example HERE
————————————————————————
Name servers let you restrict zone transfers to slave name servers that include a correct transaction signature with their request. On the master name server, you need to define the key in a key statement and then specify the key in the address match list:
key terminator-wormhole. {
    algorithm hmac-md5;
    secret "UNd5xYLjz0FPkoqWRymtgI+paxW927LU/gTrDyulJRI=";
};

zone "movie.edu" {
    type master;
    file "db.movie.edu";
    allow-transfer { key terminator-wormhole.; };
};

On the slave’s end, you need to configure the slave to sign zone transfer requests with the same key:

key terminator-wormhole. {
    algorithm hmac-md5;
    secret "UNd5xYLjz0FPkoqWRymtgI+paxW927LU/gTrDyulJRI=";
};

server 192.249.249.3 {
    keys { terminator-wormhole.; }; // sign all requests to 192.249.249.3
                                    // with this key
};

zone "movie.edu" {
    type slave;
    masters { 192.249.249.3; };
    file "bak.movie.edu";
};

For a primary master name server accessible from the Internet, you probably want to limit zone transfers to just your slave name servers.

Info from

http://www.tldp.org/HOWTO/DNS-HOWTO-6.html

http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch11_02.htm

krazhor

Correct answer is
allow-transfer {192.168.1.0/24; };

Restricting zone transfers

In order for your slave server(s) to be able to answer queries about your domain, they must be able to transfer the zone information from your primary server. Very few others have a need to do so. Therefore restrict zone transfers using the allow-transfer option, assuming 192.168.1.4 is the IP address of ns.friend.bogus and adding yourself for debugging purposes:

zone "linux.bogus" {
    allow-transfer { 192.168.1.4; localhost; };
};

By restricting zone transfers you ensure that the only information available to people is that which they ask for directly – no one can just ask for all the details about your set-up.

The question 60 is a different question.

info here
http://www.tldp.org/HOWTO/DNS-HOWTO-6.html
http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch11_02.htm
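
An added example, not part of any comment above and not BIND's own code: a small audit that reports, per zone in a named.conf, whether allow-transfer is restricted, open to `any`, or not set at zone or options level, plus a first-match check of an address against a match list such as 192.168.1.0/24. The helper names (`blocks`, `acl_of`, `audit`, `permits`) and the sample config are constructed for illustration; the parser is simplified and does not evaluate views, named acl statements, keys or `localhost`.

```python
import ipaddress
import re

# Constructed sample config for this example; zone names are placeholders.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.org" { type master; allow-transfer { 192.168.1.0/24; localhost; }; };
zone "open.example" { type master; allow-transfer { any; }; };
zone "unset.example" { type master; };  // no allow-transfer anywhere
'''

def blocks(text, keyword):
    """Yield (header, body) for each `keyword header { body }` statement."""
    for m in re.finditer(r'\b' + re.escape(keyword) + r'\b([^{;]*)\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def acl_of(body):
    """Return the allow-transfer match list in body, or None if absent."""
    for _, inner in blocks(body, 'allow-transfer'):
        return [e.strip() for e in inner.split(';') if e.strip()]
    return None

def audit(conf):
    """Map zone name -> (status, effective allow-transfer match list)."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    inherited = next((acl_of(b) for _, b in blocks(conf, 'options')), None)
    report = {}
    for header, body in blocks(conf, 'zone'):
        acl = acl_of(body)
        acl = inherited if acl is None else acl  # zone setting overrides options
        status = 'unset' if acl is None else 'open' if 'any' in acl else 'restricted'
        report[header.split('"')[1]] = (status, acl)
    return report

def permits(acl, ip):
    """First-match check of ip against address/prefix elements only."""
    for elem in acl or []:
        negated, target = elem.startswith('!'), elem.lstrip('! ')
        if target in ('any', 'none'):
            return (target == 'any') != negated
        try:
            if ipaddress.ip_address(ip) in ipaddress.ip_network(target):
                return not negated
        except ValueError:  # key, named acl, localhost: not evaluated here
            continue
    return False
```

A zone reported as `unset` has no explicit allow-transfer; confirm which default your BIND version applies before treating it as safe.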