SecuritySpace

BIND Option: allow-transfer

The option allow-transfer defines a list of addresses that are sequentially checked for the purpose of determine what IP addresses are to be allowed (or denied) the ability to transfer (copy) zone information for a domain.

You may enter the a match list as one would normally enter in a BIND zone file, and as illustrated in the examples below. Specific things to note are as follows:

List items are checked sequentially one after another, and the first one to match will result in termination of any further checks.
Two special keywords, any and none can be used to provide blanket restrictions or access. (The default is to allow anyone to perform a zone transfer.)
A leading '!' will negate a match.

Examples

1. Deny zone transfer to all:

    none;

2. Deny zone transfer to all but one IP address:

    67.213.90.23; none;

3. Deny zone transfer to all but SecuritySpace's name servers (useful if you are using us as slaves, but still want to deny zone transfers to everyone else):

    67.213.90.23; 23.81.27.115; 74.84.129.36; 64.251.14.68; 195.154.49.37; none;

4. Allow one network (with one IP excepted) access:

    !69.28.197.242; 69.28.197.0/24; none;

The above example will disallow zone transfers to be done for IP address 69.28.197.242, will allow the remainder of this /24 to perform zone transfers, and everyone else will be disallowed.

5. Allow anyone access:

    any;