If I want all DNS requests to go through Bitfolk's nameservers, should I
remove
from the zone file? Or will that break
it? Is using allow-transfers enough to make my DNS server a 'stealth
primary'?
Andy Smith wrote:
Hi Michael,
On Wed, Oct 13, 2010 at 04:52:05PM -0400, Michael Corliss wrote:
Will adding the following to the zone record allow AXFR? Or can I replace
allow-transfer with allow-axfr and leave off the provide-ixfr line?
allow-transfer {
    127.0.0.1;
    212.13.194.70;
    209.237.247.198;
    209.20.91.73;
};
You're right, it's -transfer not -axfr.
provide-ixfr no ;
ixfr generally only works with zones that are updated using dynamic
updates, rather than by editing zone files, so there isn't going to
be any advantage to turning that on.
I noticed that some of the nameservers have the same IPs as the old ones;
would a request for ilovephilosophy.com sent to ns0.lon.bitfolk.com be
successfully delivered through a.authns.bitfolk.com during the interim
until my registrar updates the nameservers for ilovephilosophy.com?
Yes, as long as the packets end up at the correct IP address it's
fine.
And will the following input and output rules in iptables suffice to
allow zone transfers:
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Should do.
Cheers,
Andy
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
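
An added example, not part of the original thread: a small audit that reads a named.conf fragment and reports any zone whose allow-transfer list contains entries beyond the four addresses quoted above, or that has no zone-level allow-transfer at all. The sample configuration, the zone names open.example and unset.example, and the file path are constructed for illustration; the parser assumes flat address lists with no nested ACLs or keys.

```python
import re

# Addresses copied from the allow-transfer list quoted in the thread.
EXPECTED = {"127.0.0.1", "212.13.194.70", "209.237.247.198", "209.20.91.73"}

# Constructed sample; only ilovephilosophy.com and the four IPs come from the thread.
SAMPLE_CONF = '''
zone "ilovephilosophy.com" {
    type master;
    file "/etc/bind/db.ilovephilosophy.com";  // constructed path
    allow-transfer { 127.0.0.1; 212.13.194.70; 209.237.247.198; 209.20.91.73; };
};
zone "open.example" {
    type master;
    allow-transfer { any; };
};
zone "unset.example" {
    type master;
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def zone_bodies(conf):
    """Yield (zone_name, body) using brace matching from each zone header."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf, expected=EXPECTED):
    """Map each zone to 'ok' or a description of what needs review."""
    findings = {}
    for name, body in zone_bodies(strip_comments(conf)):
        acl = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        if acl is None:
            findings[name] = "no allow-transfer in zone (inherited setting applies)"
            continue
        entries = {e.strip() for e in acl.group(1).split(";") if e.strip()}
        extra = entries - expected
        findings[name] = "ok" if not extra else "unexpected: " + ", ".join(sorted(extra))
    return findings

if __name__ == "__main__":
    for zone, result in audit(SAMPLE_CONF).items(): print(zone, "->", result)
```

A zone reported as having no allow-transfer takes its policy from the options or view block, so check that block separately.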