Mention that the allow-transfer option has been extended

This commit updates both the reference manual and release notes with the information that 'allow-transfer' has been extended with additional "port" and "transport" options.
2025-08-31 06:25:31 +00:00 · 2021-11-23 15:04:51 +02:00
parent 3cd2ffc01f
commit 792ff02045
2 changed files with 15 additions and 1 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2416,6 +2416,14 @@ for details on how to specify IP address lists.
   statement set in ``options`` or ``view``. If not specified, the
   default is to allow transfers to all hosts.

+   The transport level limitations can also be specified.  In
+   particular, zone transfers can be restricted to a specific port and
+   DNS transport protocol by using the options ``port`` and
+   ``transport``. Zone transfers are currently only possible via the
+   TCP and TLS transports; either option can be specified.
+
+   For example: ``allow-transfer port 853 transport tls { any; };``
+
 ``blackhole``
   This specifies a list of addresses which the server does not accept queries
   from or use to resolve a query. Queries from these addresses are not
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -35,7 +35,13 @@ Removed Features
 Feature Changes
 ~~~~~~~~~~~~~~~

- None.
+- The ``allow-transfers`` option was extended to accept additional
+  ``port`` and ``transport`` parameters, to further restrict zone
+  transfers to a particular port and DNS transport protocol. Either of
+  these options can be specified.
+
+  For example: ``allow-transfer port 853 transport tls { any; };``
+  :gl:`#2776`

 Bug Fixes
 ~~~~~~~~~