
RE: [cobalt-users] Unapproved "approved zone transfer"



> > I have
> >              allow-transfer { none; };
> >
> > in the file. So why would named hand out the zone?
> >
> Grasping at straws...
>
> Any chance the named.conf location has been changed on you?

Well, this took me six days to answer, but here we go...

First off, I'm an idiot. I have recently learned that I'm an idiot. And
by the way, did I mention that I'm an idiot? Dose of truth...

First sad fact: I haven't yet gotten around to learning how to write a
zonefile, so I've been doing master DNS on my Qube and setting that to
secondary. My (much faster) Red Hat server is slave DNS, but primary.
Part of the reason I thought my named.conf was messed up is because I
was getting zone transfers out of ns*2* and configuring ns*2*, but of
course when testing I would go and ask ns*1*. Oops.

Second sad fact: I did not, in fact, have an allow-transfer statement in
my named.conf... I had an allow-update statement and my memory failed
me. Today I got another approved unapproved zone transfer (from Turkey
this time) so I went hunting and discovered this.

Now... new question:

My DNS servers will no longer hand out zone-transfers. However, I can
still use dig to get a copy of every record in the zone. So, what have I
just gained?

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
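
Added example, not part of the original message and not BIND code: a small Python audit that reports each zone's effective allow-transfer list in a named.conf, the check that would have shown the allow-update/allow-transfer mix-up described above. The sample configuration, zone names and the 192.0.2.53 address are constructed, and view-level settings are not handled.

```python
import re

# Constructed sample, not the poster's real file. "example.com" repeats the
# mistake from the message: allow-update is present, allow-transfer is not.
SAMPLE_NAMED_CONF = """
options { directory "/var/named"; };
zone "example.com" {
    type master;
    file "example.com.db";
    allow-update { none; };          # restricts dynamic updates only
};
zone "example.net" IN {
    type master;
    file "example.net.db";
    allow-transfer { 192.0.2.53; };  // constructed secondary address
};
/* zone "old.example" { type master; }; */
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments (quoted strings are not special-cased here)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")

def acl_of(body, keyword):
    """Contents of `keyword { ... };` in a block body, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(keyword) + r"\s*\{", body)
    return None if m is None else " ".join(block_body(body, m.end() - 1).split())

def audit_transfers(conf_text):
    """Map each zone to its effective allow-transfer list; None means unset."""
    text = strip_comments(conf_text)
    opts = re.search(r"\boptions\s*\{", text)
    inherited = acl_of(block_body(text, opts.end() - 1), "allow-transfer") if opts else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        own = acl_of(block_body(text, m.end() - 1), "allow-transfer")
        result[m.group(1)] = own if own is not None else inherited
    return result

if __name__ == "__main__":
    for zone, acl in audit_transfers(SAMPLE_NAMED_CONF).items():
        print(zone, "->", acl if acl is not None else "NO allow-transfer: server default applies")
```

Pass each nameserver's own named.conf text to `audit_transfers`, since the confusion in the message came from configuring one server while testing the other.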