How to get rid of allow-transfers

I like to allow zone transfers for newly created virtual servers by default. Currently I have to delete the allow-transfers section manually from the zone.

Is it possible not to add this at creation or migration of a new virtual server?

Is there any security risk in not restricting zone transfers?

You can set the defaults for the allow-transfer section by going into Webmin -> Servers -> BIND -> Zone Defaults, and set “Allow transfers from”.

As far as security concerns go – some people prefer to give out as little information as possible about the servers under their control. It sounds like a more common concern is that someone could initiate a DoS attack against your BIND server by initiating a large number of XFER requests.


If I recall correctly, Webmin’s default actually is to leave the “allow-transfer” empty, which effects that all hosts are allowed to transfer the zones.

It’s Virtualmin which adds that directive when creating a new zone for a domain under its control. That behavior can be changed in the server template, section BIND DNS Domain, entries Additional named.conf directives for new zones and Automatically add named.conf directives.