I like to allow zone transfers for newly created virtual servers by default. Currently I have to delete the allow-transfers section manually from the zone.
Is it possible not to add this at creation or migration of a new virtual server?
Is there any security risk in not restricting zone transfers?
You can set the defaults for the allow-transfer section by going into Webmin -> Servers -> BIND -> Zone Defaults, and set “Allow transfers from”.
As far as security concerns go – some people prefer to give out as little information as possible about the servers under their control. It sounds like a more common concern is that someone could initiate a DoS attack against your BIND server by initiating a large number of XFER requests.
If I recall correctly, Webmin’s default actually is to leave the “allow-transfer” empty, which has the effect that all hosts are allowed to transfer the zones.
It’s Virtualmin which adds that directive when creating a new zone for a domain under its control. That behavior can be changed in the server template, section “BIND DNS Domain”, entries “Additional named.conf directives for new zones” and “Automatically add named.conf directives”.
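
As an added example that is not part of the original thread: a small Python audit that reports which zones in a named.conf would accept transfers from any host. The sample configuration, zone names and function names are constructed, and a zone with no allow-transfer at zone or options level is treated as open, as described above (an assumption; check the default of your BIND version).

```python
import re

# Constructed sample named.conf for illustration, not taken from the thread.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "open.example" { type master; file "open.example.hosts"; };
zone "any.example" {
    type master;
    allow-transfer { any; };
};
zone "locked.example" {
    type master;
    allow-transfer { 127.0.0.1; 192.0.2.53; };  // secondary NS only
};
'''

COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ACL = re.compile(r'allow-transfer\b[^{;]*\{([^}]*)\}')

def block_body(text, start):
    """Return the text between the '{' at index start and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def acl_of(body):
    """Return the allow-transfer entries in a block, or None if it has none."""
    m = ACL.search(body)
    return m.group(1).replace(';', ' ').split() if m else None

def audit(conf):
    """Map each zone name to 'open' or 'restricted' (view-level ACLs ignored)."""
    conf = COMMENTS.sub('', conf)
    opts = re.search(r'\boptions\s*\{', conf)
    inherited = acl_of(block_body(conf, opts.end() - 1)) if opts else None
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = acl_of(block_body(conf, z.end() - 1))
        acl = inherited if acl is None else acl  # zone setting overrides options
        # Assumption: no directive at either level means any host may transfer.
        report[z.group(1)] = 'open' if acl is None or 'any' in acl else 'restricted'
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Zones reported as open are the ones to review after changing the Webmin zone defaults or the Virtualmin server template.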