This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

How to get rid of allow-transfers

3 posts / 0 new

Topic locked

Last post

#1 Tue, 11/23/2010 - 12:33

Tortoise

How to get rid of allow-transfers

I like to allow zone transfers for newly created virtual servers by default. Currently I have to delete the allow-transfers section manually from the zone.

Is it possible not to add this at creation or migration of a new virtual server?

Is there any security risk in not restricting zone transfers?

#2 Tue, 11/23/2010 - 14:32

andreychek

You can set the defaults for the allow-transfer section by going into Webmin -> Servers -> BIND -> Zone Defaults, and set "Allow transfers from".

As far as security concerns go -- some people prefer to give out as little information as possible about the servers under their control. It sounds like a more common concern is that someone could initiate a DoS attack against your BIND server by initiating a large number of XFER requests.

-Eric

#3 Tue, 11/23/2010 - 14:43

Locutus

If I recall correctly, Webmin's default actually is to leave the "allow-transfer" empty, which effects that all hosts are allowed to transfer the zones.

It's Virtualmin which adds that directive when creating a new zone for a domain under its control. That behavior can be changed in the server template, section BIND DNS Domain, entries Additional named.conf directives for new zones and Automatically add named.conf directives.

Topic locked