You can specify, per zone, which remotes are allowed for outgoing XFR, which remotes are sent NOTIFY, and which remotes may send DNS UPDATE.
remotes {
  slave { address 127.0.0.1@53; }
  any { address 0.0.0.0/0; }
  subnet1 { address 192.168.1.0/24; } # /24, so subnet1 and subnet2 stay distinct
  subnet2 { address 192.168.2.0/24; }
}
zones {
  example.com {
    file "/var/zones/example.com";
    xfr-out subnet1, subnet2; # allow outgoing transfers
    notify-out slave;
    update-in subnet1; # only allow DNS UPDATE from subnet1
  }
}
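The following check is an added example, not part of the Knot DNS documentation or code base. It parses a remotes block in the syntax above and reports entries whose effective range is wider than the written address suggests. The sample block, the remote name `wide` and the function names `parse_remotes`, `allowed` and `audit` are constructed for illustration, and it assumes prefix matching compares only the first N bits, as CIDR matching does.

```python
import ipaddress
import re

# Constructed sample in the remotes syntax used on this page (not a real deployment).
SAMPLE = """
remotes {
  slave   { address 127.0.0.1@53; }
  any     { address 0.0.0.0/0; }
  subnet1 { address 192.168.1.0/24; }
  wide    { address 192.168.2.0/8; }
}
"""

# name { address ADDR[/PREFIX][@PORT]; ... }
REMOTE_RE = re.compile(
    r"([\w-]+)\s*\{\s*address\s+([0-9A-Fa-f.:]+)(?:/(\d+))?(?:@\d+)?\s*;")

def parse_remotes(text):
    """Return {name: (address as written, effective network)}."""
    remotes = {}
    for name, addr, prefix in REMOTE_RE.findall(text):
        ip = ipaddress.ip_address(addr)
        # Assumption: matching compares only the first PREFIX bits (CIDR semantics).
        net = ipaddress.ip_network(f"{addr}/{prefix}" if prefix else addr, strict=False)
        remotes[name] = (ip, net)
    return remotes

def allowed(remotes, acl, client):
    """Names from an ACL list (e.g. xfr-out) whose network contains the client."""
    ip = ipaddress.ip_address(client)
    return [name for name in acl if ip in remotes[name][1]]

def audit(remotes):
    """Return (name, reason) for remotes that match more than their text suggests."""
    findings = []
    for name, (ip, net) in remotes.items():
        if net.prefixlen == 0:
            findings.append((name, "matches every address"))
        elif ip != net.network_address:
            findings.append((name, f"host bits set, effective range {net}"))
    return findings

if __name__ == "__main__":
    remotes = parse_remotes(SAMPLE)
    for name, reason in audit(remotes):
        print(f"{name}: {reason}")
    # A 192.x host outside 192.168.1.0/24 is still admitted by the /8 remote.
    print(allowed(remotes, ["subnet1", "wide"], "192.200.0.1"))
```

Running the audit before listing a remote in xfr-out or update-in shows the range that the ACL will actually admit.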
You can also secure outgoing XFRs with TSIG by assigning a key to the remote that the zone's xfr-out list references.
keys {
  key0 hmac-md5 "Wg=="; # keyname algorithm secret (base64; "Wg==" is only a placeholder)
}
remotes {
  any { address 0.0.0.0/0; key key0; }
}
zones {
  example.com {
    file "/var/zones/example.com";
    xfr-out any; # uses 'any' remote secured with TSIG key 'key0'
  }
}