mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

improved documentation

Evan Hunt
2018-08-30 00:48:44 -07:00
parent 27f3a210d7
commit 33bca30a55


@@ -7053,18 +7053,24 @@ options {
<term><command>allow-notify</command></term> <term><command>allow-notify</command></term>
<listitem> <listitem>
<para> <para>
Specifies which hosts are allowed to This ACL specifies which hosts may send NOTIFY messages
notify this server, a slave, of zone changes in addition to inform this server of changes to zones for which it
to the zone masters. is acting as a secondary server. This is only
<command>allow-notify</command> may also be applicable for secondary zones (i.e., type
specified in the <literal>secondary</literal> or <literal>slave</literal>).
<command>zone</command> statement, in which case </para>
it overrides the <para>
<command>options allow-notify</command> If this option is set in <command>view</command> or
statement. It is only meaningful <command>options</command>, it is globally applied to
for a slave zone. If not specified, the default is to all secondary zones. If set in the <command>zone</command>
process notify messages statement, the global value is overridden.
only from a zone's master. </para>
<para>
If not specified, the default is to process NOTIFY
messages only from the configured
<command>masters</command> for the zone.
<command>allow-notify</command> can be used to expand the
list of permitted hosts, not to reduce it.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
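Review bot: "it is globally applied to all secondary zones" in the second new paragraph is too broad for the <command>view</command> case, where the setting can only reach zones inside that view, and the paragraph does not say which value wins when both <command>view</command> and <command>options</command> set it. Suggest splitting the sentence so each scope is stated separately. The closing sentence ("expand the list of permitted hosts, not to reduce it") is the security-relevant part of this entry; it would read more clearly if it said outright that the configured <command>masters</command> remain permitted whatever the ACL contains, so that nobody relies on a narrow <command>allow-notify</command> to restrict NOTIFY sources. The new text also uses "secondary" while the later hunks in this commit keep "slave" and "master"; pick one term for the whole section.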
@@ -7199,11 +7205,16 @@ options {
<term><command>allow-update</command></term> <term><command>allow-update</command></term>
<listitem> <listitem>
<para> <para>
Specifies which hosts are allowed to When set in the <command>zone</command> statement for
submit Dynamic DNS updates for master zones. The default is a master zone, specifies which hosts are allowed to
to deny submit Dynamic DNS updates to that zone. The default
updates from all hosts. Note that allowing updates based is to deny updates from all hosts. This can only
on the requestor's IP address is insecure; see be set at the <command>zone</command> level, not in
<command>options</command> or <command>view</command>.
</para>
<para>
Note that allowing updates based on the
requestor's IP address is insecure; see
<xref linkend="dynamic_update_security"/> for details. <xref linkend="dynamic_update_security"/> for details.
</para> </para>
</listitem> </listitem>
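Review bot: the first new paragraph says this "can only be set at the <command>zone</command> level, not in <command>options</command> or <command>view</command>" but does not say what the server does when it finds the option there (rejects the configuration, or ignores the statement). An operator who keeps an update ACL in <command>options</command> needs to know which, because a silently ignored ACL and a load failure have very different consequences. With that sentence in place, the opening "When set in the <command>zone</command> statement for a master zone" is redundant and could be shortened to "For a master zone, specifies ...".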
@@ -7213,29 +7224,30 @@ options {
<term><command>allow-update-forwarding</command></term> <term><command>allow-update-forwarding</command></term>
<listitem> <listitem>
<para> <para>
Specifies which hosts are allowed to When set in the <command>zone</command> statement for
submit Dynamic DNS updates to slave zones to be forwarded to a slave zone, specifies which hosts are allowed to
the submit Dynamic DNS updates and have them be forwarded
master. The default is <userinput>{ none; }</userinput>, to the master. The default is
which <userinput>{ none; }</userinput>, which means that no
means that no update forwarding will be performed. To update forwarding will be performed. This can only be
enable set at the <command>zone</command> level, not in
update forwarding, specify <command>options</command> or <command>view</command>.
</para>
<para>
To enable update forwarding, specify
<userinput>allow-update-forwarding { any; };</userinput>. <userinput>allow-update-forwarding { any; };</userinput>.
Specifying values other than <userinput>{ none; }</userinput> or in the <command>zone</command> statement.
<userinput>{ any; }</userinput> is usually Specifying values other than <userinput>{ none; }</userinput>
counterproductive, since or <userinput>{ any; }</userinput> is usually
the responsibility for update access control should rest counterproductive; the responsibility for update
with the access control should rest with the master server, not
master server, not the slaves. the slave.
</para> </para>
<para> <para>
Note that enabling the update forwarding feature on a slave Note that enabling the update forwarding feature on a slave
server server may expose master servers to attacks if they rely
may expose master servers relying on insecure IP address on insecure IP-address-based access control; see
based <xref linkend="dynamic_update_security"/> for more details.
access control to attacks; see <xref linkend="dynamic_update_security"/>
for more details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
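Review bot: stray full stop in the second new paragraph. The unchanged line ends with "<userinput>allow-update-forwarding { any; };</userinput>." and the added line continues "in the <command>zone</command> statement.", so the rendered sentence reads "... { any; };. in the zone statement." Drop the period after the closing <userinput> tag. Same remark as for allow-update: the text says the option is zone-level only without saying what happens if it appears in <command>options</command> or <command>view</command>. The final note is clearer in its new form ("if they rely on insecure IP-address-based access control"); it would help to say there that forwarded updates reach the master from the slave's address, which is why an address-based ACL on the master cannot distinguish the original requestor.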
@@ -7259,13 +7271,14 @@ options {
<term xml:id="allow_transfer_term"><command>allow-transfer</command></term> <term xml:id="allow_transfer_term"><command>allow-transfer</command></term>
<listitem> <listitem>
<para> <para>
Specifies which hosts are allowed to Specifies which hosts are allowed to receive zone
receive zone transfers from the server. <command>allow-transfer</command> may transfers from the server. <command>allow-transfer</command>
also be specified in the <command>zone</command> may also be specified in the <command>zone</command>
statement, in which statement, in which case it overrides the
case it overrides the <command>options allow-transfer</command> statement. <command>allow-transfer</command> statement set in
If not specified, the default is to allow transfers to all <command>options</command> or <command>view</command>.
hosts. If not specified, the default is to allow transfers to
all hosts.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
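Review bot: the rewritten paragraph still ends on "the default is to allow transfers to all hosts" with no accompanying note, although the allow-update and allow-update-forwarding entries touched in this same commit each carry a "Note that ..." paragraph about their security implications. Since the wording is being revised anyway, suggest a short second paragraph stating that an unset <command>allow-transfer</command> lets any host retrieve the full zone contents and that it should normally be limited to the zone's secondaries. The new override sentence also names both <command>options</command> and <command>view</command> without giving the order of precedence between the two.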