Change Allow Transfer settings of Bind for all domains at once?


I have migrated my server to a new one and I need to change the secondary NS server as well.

This new secondary server was not able to get the SOA from my Virtualmin server

I have found that the reason was the Allow Transfer setting for Bind which was still on the old Secondary Server.

Is there a way to change the IP in all conf files, or should I go into each Allow Transfer?
And can I use a DNS in Allow Transfer or IP only?


By default, all IPs that are mentioned as slave NS as per the zone file, are allowed to pull a zone transfer. So technically, no “Allow-Transfer” is required at all for those. You only need to allow-transfer if you have additional nameservers, or special IPs, that are not listed as NS.

If you have those, you can put the allow-transfer directive in BIND’s global options file instead of the options for each zone.

EDIT: Sorry, I mixed up “allow-transfer” and “also-notify” up there. Notifies are automatically sent to all slave NS, but you indeed need to allow them to do zone transfers. If no IPs are listed for zone transfer, EVERYONE can do transfers.

So, you could put this in the options{ block of named.conf.options, being an example IP.

allow-transfer {; localnets;; };
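
An added example, not part of the original thread: a Python script that reads named.conf-style text and reports, per zone, whether allow-transfer is inherited from the global options block or set at zone level (where it replaces the global list), and whether the effective list still names the retired secondary. The sample config, zone names and the documentation addresses 192.0.2.10 and 198.51.100.20 are constructed for illustration.

```python
import re

# Constructed sample; 192.0.2.10 stands in for the old secondary (assumption).
SAMPLE = '''
options {
    allow-transfer { 127.0.0.1; localnets; 198.51.100.20; };
};
zone "example.com" { type master; file "example.com.hosts"; };
zone "example.net" { type master; allow-transfer { 192.0.2.10; }; };  // stale
zone "example.org" { type master; allow-transfer { any; }; };
'''

def blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    text = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', text, flags=re.S)
    depth = head = start = 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                header, start = text[head:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ';' and depth == 0:
            head = i + 1

def acl(body):
    """Return the allow-transfer entries found in a block body, or None."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(text, old_ip):
    """Map each zone name to findings, given the retired secondary's address."""
    found = dict(blocks(text))
    glob = acl(found.get('options', ''))
    report = {}
    for header, body in found.items():
        if not header.startswith('zone'):
            continue
        own = acl(body)
        eff = glob if own is None else own  # zone-level list replaces the global one
        flags = ['inherits-global' if own is None else 'zone-override']
        if eff is None or 'any' in eff:
            flags.append('unrestricted')
        elif old_ip in eff:
            flags.append('stale-secondary')
        report[header.split('"')[1]] = flags
    return report
```

Calling `audit(SAMPLE, '192.0.2.10')` shows which zones a change to the global options block will not reach, because they carry their own allow-transfer statement.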


Thanks, that’s what I have done, but I did not remember having done that the first time. I thought there was a place in Virtualmin to add an Allow Transfer IP on all sites at once.

Well, there kinda is, you can add such directives in the Server Template. But putting it in BIND’s global section is even better in this case.