DNS allow-transfer for unmanaged slaves

In the news post:


Joe mentions:

By default, new DNS zones only allow localhost, hosts on the local network and known slaves to transfer records.
I have a non-Virtualmin, non-Webmin server that is acting as a slave. I cannot change that server to install either Virtualmin or Webmin. I have two questions:

1. Can you tell me where to go in the Webmin or Virtualmin UI to allow the slave to be notified?
2. Is there any provision in the UI to convert the servers that were created prior to 3.58 to conform to the new standards? Or, do I have to manually edit the /var/named/chroot/etc/named.conf file?

Look in Webmin:Servers:BIND DNS Server.

Click on Zone Defaults

Set Allow transfers from… to include your slave server(s).

See also: http://doxfer.com/Webmin/BINDDNSServer#Editing_zone_defaults

You’ll need to set this in the existing zones. I don’t think there is a trivial way to do that. Theoretically you could disable and enable DNS service for them, using the command line tools, but if you’ve ever modified the zones manually, it’d cause some breakage.

Oops… that first codeblock should show:

    … transfer of 'domain.com/IN' from ipaddress… REFUSED

I did as you suggested, however I still get:

    … transfer of 'domain.com/IN' from ipaddress#53: failed while receiving responses: REFUSED

It is only when I either remove the allow-transfer lines from /var/named/chroot/etc/named.conf for a specific domain:

    zone "domain.com" {
        type master;
        file "/var/named/domain.com.hosts";
        allow-transfer {;
    }

that transfers to the slave succeed. Alternatively, manually adding the slave IP to the above and restarting named does succeed in allowing the slave to pick up the zone data from the Virtualmin master.

The procedure you mentioned adds only the allow-transfer directive in the options block of the named.conf file.

So, is it the case that the allow-transfer directive in the zone block overrides (and therefore ignores) the allow-transfer directive in the options block? If this is the case, then it would seem to be preferable to update only the options block with the allow-transfer directive.
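Added example, not part of the original thread and not Webmin or Virtualmin code: in BIND, an allow-transfer statement inside a zone block takes precedence over the one in the options block, so the sketch below audits a named.conf and reports, per zone, whether a zone-level list leaves the slave out. Assumptions: the sample configuration and the slave address 192.0.2.53 are constructed, the function names are hypothetical, and the parser ignores comments, include files, named ACLs and network matches such as localnets.

```python
import re

# Constructed sample named.conf (not from the thread); 192.0.2.53 is a
# documentation address standing in for the unmanaged slave.
SAMPLE_CONF = '''
options {
    allow-transfer { 127.0.0.1; localnets; 192.0.2.53; };
};
zone "example.com" {
    type master;
    file "/var/named/example.com.hosts";
    allow-transfer { 127.0.0.1; localnets; };
};
zone "example.net" { type master; file "/var/named/example.net.hosts"; };
zone "example.org" { type master; allow-transfer { 192.0.2.53; }; };
'''

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def transfer_list(body):
    """Entries of an allow-transfer statement in body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if m is None:
        return None
    return block_body(body, m.end() - 1).replace(";", " ").split()

def audit(conf, slave_ip):
    """Map each zone to 'zone-ok', 'zone-blocks' or 'inherits-options'."""
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_list(block_body(conf, m.end() - 1))
        if acl is None:
            # No zone-level list: the options-block list applies.
            result[m.group(1)] = "inherits-options"
        else:
            # Zone-level list replaces the options-block list entirely.
            result[m.group(1)] = "zone-ok" if slave_ip in acl else "zone-blocks"
    return result
```

Zones reported as zone-blocks are the ones that will keep refusing the slave until their own allow-transfer list is edited or removed, whatever Zone Defaults says.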