restore-domain DNS

When restoring a domain, using Bind9 views, the zone entry in named.conf.local includes the phrase:

allow-transfer { 127.0.0.1; localnets; };

inappropriately, and unwanted because I want the zones to inherit this configuration from their parent view.

Creation of new zones using Webmin does not do this, and behaves as expected and desired.

For the restore-domain reported here, the Webmin Bind configuration Zone Defaults are set as "Default" for both allow-transfer and allow-queries.

The target 'external' view is configured to allow queries from "any" and transfers from a configured ACL.

Status: 
Closed (fixed)

Comments

At the moment there is no way to disable this - the allow-transfer block is added for any new domains, either created explicitly or via a restore. However, if you have extra DNS servers you'd like to appear in that list, they can be added at System Settings -> Server Templates -> Default Settings -> BIND DNS Domain -> Additional manually configured nameservers.

Does that help?

Jamie, I've recategorized this then as a feature request that allow-transfer not be forced, as allow-query is not forced, for those installations which declare these things in the parent view.

It can be a low priority request of course :)

In the meanwhile, I'll just delete those zone-level statements since they take precedence over the configured view statements.

I allow transfers to anybody in a specific ACL, which includes only a keys statement. And in my case the same set of nameservers applies to all domains. I acknowledge that others may need to specify these things at the zone level rather than the view level.

Also, I'm still accustomed to configuring the system directly, and am still learning, and continuing to be favorably impressed by, Webmin and Virtualmin operations.

In the next Virtualmin release, there will be an option at System Settings -> Server Templates -> Default Settings -> BIND DNS Domain to have it not add the also-notify and allow-transfer blocks.

Automatically closed -- issue fixed for 2 weeks with no activity.
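
The thread turns on zone-level allow-transfer statements taking precedence over the one set in the parent view. As an added example (not part of the thread, and not Virtualmin or Webmin code), the following Python script lists the zones inside each view that carry their own allow-transfer, next to the view-level value they override. The sample configuration, the ACL name "xfer" and the function names are constructed for illustration; include files are not followed, and comment stripping is simplified.

```python
import re
# Constructed sample: a view-level ACL, and one zone with its own allow-transfer.
SAMPLE = '''
view "external" {
    allow-query { any; };
    allow-transfer { "xfer"; };
    zone "example.com" {
        type master;
        allow-transfer { 127.0.0.1; localnets; };
    };
    zone "example.org" { type master; };
};
'''
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse(tokens, pos=0):
    """Return (statements, next_pos); a statement is (words, block-or-None)."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == '{':
            block, pos = parse(tokens, pos)      # nested { ... } body
        elif tok == '}':
            return stmts, pos
        elif tok == ';':
            if words or block is not None:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(tok.strip('"'))
    return stmts, pos

def render(block):
    return ' '.join(' '.join(words) + ';' for words, _ in block)

def zone_overrides(conf, option='allow-transfer'):
    """List (view, zone, zone_value, view_value) for zones that set `option`."""
    # Simplified comment stripping: /* */, # and // (assumes none inside strings).
    conf = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', conf, flags=re.S)
    tree, _ = parse(TOKEN.findall(conf))
    found = []
    for vwords, vblock in tree:
        if vwords[:1] != ['view'] or not vblock:
            continue
        view_val = next((render(b) for w, b in vblock if w == [option] and b is not None), None)
        for zwords, zblock in vblock:
            if zwords[:1] == ['zone'] and zblock:
                found += [(vwords[1], zwords[1], render(b), view_val)
                          for w, b in zblock if w == [option] and b is not None]
    return found
```

Calling zone_overrides() on the text of the file that holds the view blocks gives the list of zone-level statements to review or delete after a restore.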