BIND allow-transfers and firewall

3 posts / 0 new

Topic locked

#1 Sun, 02/22/2009 - 12:13

mdtiberi

BIND allow-transfers and firewall

If I set allow-transfers in BIND to a given set of ips then must I also open those addresses in iptables?

I use a secondary DNS server in which I need to allow transfers but I am getting tons of FORMERR errors in my logs and wondering if it is due to the firewall.

#2 Sun, 02/22/2009 - 16:00

andreychek

Well, you do need to make sure the firewall is open, sure.

Where are you seeing the errors though, on primary DNS server, or the secondary?
-Eric

#3 Mon, 02/23/2009 - 13:37

mdtiberi

I tried to setup allow-transfers globally but it seems that one can only do forwarding from this option. I had to go to zone defaults for each zone to setup transfers only. Unless I missed a "Global" way to do it.

Topic locked