Riccardo Castellani wrote:
I'm using 3 dns servers with Bind bind-9.2.2.P3-9
Master A (domain1 + domain2)
Slave B (domain1)
Slave C (domain2)
Now I'm migrating master A to Bind 9.5.1.dfsg.P3-1 together OS (Debian
Lenny) so I'm interesting to know if there is some incompatible
settings from/to slave servers.
For example in slave B,C there is no setting about "auth-nxdomain
directive" while in server A I found set "auth-nxdomain no";
According to the ARM, no change from 9.2.x to 9.5.x. The default is
still "no", so "auth-nxdomain no" is technically redundant. Some folks
like to make everything explicit, while others like to keep their
configs as minimal as possible and therefore go with default settings
wherever possible; it's a matter of personal preference.
I have to specify in server A these 2 options to permit only zones
transfer to these only 2 servers ?
allow-transfer { IpServerB }
allow-transfer { IpServerC }
According to the ARM, no change from 9.2.x to 9.5.x. The default is
still to allow all zone transfers. Note that if you use TSIG keys for
authenticating zone transfers, you can re-address your slaves at will
without having to keep your allow-transfer clauses up to date to match.
Generally speaking, key-based security is stronger than
source-address-based security anyway.
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
