Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!news-out.readnews.com!transit3.readnews.com!panix!usenet.stanford.edu!not-for-mail
From: =?UTF-8?Q?Aleksander_Kurczyk?= <aleksanderkurczyk@o2.pl>
Newsgroups: comp.protocols.dns.bind
Subject: =?UTF-8?Q?Re:_Securing_zone_transfer_and_DDNS?=
Date: Thu, 10 Nov 2011 17:19:05 +0100
Lines: 56
Approved: bind-users@lists.isc.org
Message-ID: <mailman.48.1320941998.68562.bind-users@lists.isc.org>
References: <21ed7915.4729b742.4eb72f52.7f82@o2.pl> <32DD7227-7F82-4D63-A4BF-D038031CCB1A@isc.org> <85ecc83.4a6e4d68.4eb81652.18c6d@o2.pl> <20111107230426.1A07F16D8A25@drugs.dv.isc.org>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Trace: usenet.stanford.edu 1320941998 13999 149.20.64.75 (10 Nov 2011 16:19:58 GMT)
X-Complaints-To: action@cs.stanford.edu
To: bind-users@isc.org
Return-Path: <aleksanderkurczyk@o2.pl>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
In-Reply-To: <20111107230426.1A07F16D8A25@drugs.dv.isc.org>
X-Originator: 95.160.160.157
X-Spam-Status: No, score=-1.5 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM, SARE_SUB_ENC_UTF8,T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
Xref: x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:88

Thanks=20everybody=20for=20the=20answers.
I=20have=20one=20more=20question=20-=20how=20can=20I=20block=20every=20up=
date=20for=20every=20zone=20in=20options=20section=20using=20update-polic=
y?

logging=20{=20...=20};

options=20{
=20=20=20=20=20=20=20=20directory=20"/var/named";
=20=20=20=20=20=20=20=20dnssec-enable=20yes;
=20=20=20=20=20=20=20=20recursion=20yes;
=20=20=20=20=20=20=20=20allow-recursion=20{=20127.0.0.1;=20};
=20=20=20=20=20=20=20=20allow-transfer=20{=20none;=20};
=20=20=20=20=20=20=20=20allow-update=20{=20none;=20};=20<<<<<<<<<<<<<<<<
};

key=20"rndc-key"=20{=20...=20};

controls=20{
=20=20=20=20=20=20=20=20inet=20127.0.0.1=20port=20953
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20allow=20{=20127.0.0.1;=20=
}=20keys=20{=20"rndc-key";=20};
};

key=20"transfer-key"=20{=20...=20};

key=20"ddns-key"=20{=20...=20};

zone=20"."=20IN=20{
=20=20=20=20=20=20=20=20type=20hint;
=20=20=20=20=20=20=20=20file=20"named.ca";
};

zone=20"localhost"=20IN=20{
=20=20=20=20=20=20=20=20type=20master;
=20=20=20=20=20=20=20=20file=20"localhost.zone";
};

zone=20"0.0.127.in-addr.arpa"=20IN=20{
=20=20=20=20=20=20=20=20type=20master;
=20=20=20=20=20=20=20=20file=20"named.local";
};

zone=20"my.zone"=20IN=20{
=20=20=20=20=20=20=20=20type=20master;
=20=20=20=20=20=20=20=20file=20"my.zone";
=20=20=20=20=20=20=20=20allow-transfer=20{=20key=20transfer-key;=20};
=20=20=20=20=20=20=20=20update-policy=20{
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20grant=20ddns-key=20zonesu=
b=20ANY;
=20=20=20=20=20=20=20=20};
};

--=20
Pozdrawiam,
Aleksander=20Kurczyk