BIND – Povolit AXFR

Výchozí nastavení

root@server-89-221-220-56:/etc/bind# more named.conf.options
options {
    allow-transfer { none; };
    ... další konfigurace ...
};

 

root@server-89-221-220-56:/etc/bind# dig @89.221.220.56 ds-domena-017.pl AXFR

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @89.221.220.56 ds-domena-017.pl AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.

 

Povolení AXFR

Úprava souboru named.conf.options

root@server-89-221-220-56:/etc/bind# more named.conf.options
options {
    allow-transfer { 46.28.104.64/27; };
    also-notify { 46.28.104.64; };
    ... další konfigurace ...
};

 

Úprava zónového souboru

  • pokud se nastavení liší od globálního, nebo pokud chci pro každou zónu jiné nastavení AXFR

zone "example.com" IN {
    type master;
    file "/etc/bind/zones/example.com.db";

    allow-transfer { 192.0.2.10; };
    also-notify { 192.0.2.10; 198.51.100.5; };
};

 

Restart služby BIND

root@server-89-221-220-56:/etc/bind# systemctl restart named

 

Zobrazení nastavení AXFR pomocí dig AXFR

root@server-89-221-220-56:/etc/bind# dig @89.221.220.56 ds-domena-017.pl AXFR

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @89.221.220.56 ds-domena-017.pl AXFR
; (1 server found)
;; global options: +cmd
ds-domena-017.pl. 3600 IN SOA ns1.server-89-221-220-56.da.direct. hostmaster.ds-domena-017.pl. 2025051523 3600 3600 1209600 86400
ds-domena-017.pl. 3600 IN MX 10 mail.ds-domena-017.pl.
ds-domena-017.pl. 3600 IN TXT "v=spf1 a mx ip4:89.221.220.56 ~all"
ds-domena-017.pl. 3600 IN A 89.221.220.56
ds-domena-017.pl. 3600 IN NS ns1.server-89-221-220-56.da.direct.
ds-domena-017.pl. 3600 IN NS ns2.server-89-221-220-56.da.direct.
aaa.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.aaa.ds-domena-017.pl. 3600 IN A 89.221.220.56
bbb.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.bbb.ds-domena-017.pl. 3600 IN A 89.221.220.56
ccc.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ccc.ds-domena-017.pl. 3600 IN A 89.221.220.56
ddd.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ddd.ds-domena-017.pl. 3600 IN A 89.221.220.56
eee.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.eee.ds-domena-017.pl. 3600 IN A 89.221.220.56
fff.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.fff.ds-domena-017.pl. 3600 IN A 89.221.220.56
ftp.ds-domena-017.pl. 3600 IN A 89.221.220.56
ggg.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ggg.ds-domena-017.pl. 3600 IN A 89.221.220.56
hhh.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.hhh.ds-domena-017.pl. 3600 IN A 89.221.220.56
iii.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.iii.ds-domena-017.pl. 3600 IN A 89.221.220.56
jjj.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.jjj.ds-domena-017.pl. 3600 IN A 89.221.220.56
kkk.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.kkk.ds-domena-017.pl. 3600 IN A 89.221.220.56
lll.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.lll.ds-domena-017.pl. 3600 IN A 89.221.220.56
mail.ds-domena-017.pl. 3600 IN A 89.221.220.56
mmm.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.mmm.ds-domena-017.pl. 3600 IN A 89.221.220.56
nnn.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.nnn.ds-domena-017.pl. 3600 IN A 89.221.220.56
ooo.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ooo.ds-domena-017.pl. 3600 IN A 89.221.220.56
pop.ds-domena-017.pl. 3600 IN A 89.221.220.56
ppp.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ppp.ds-domena-017.pl. 3600 IN A 89.221.220.56
qqq.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.qqq.ds-domena-017.pl. 3600 IN A 89.221.220.56
rrr.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.rrr.ds-domena-017.pl. 3600 IN A 89.221.220.56
smtp.ds-domena-017.pl. 3600 IN A 89.221.220.56
sss.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.sss.ds-domena-017.pl. 3600 IN A 89.221.220.56
ttt.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ttt.ds-domena-017.pl. 3600 IN A 89.221.220.56
uuu.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.uuu.ds-domena-017.pl. 3600 IN A 89.221.220.56
vvv.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.vvv.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.ds-domena-017.pl. 3600 IN A 89.221.220.56
xxx.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.xxx.ds-domena-017.pl. 3600 IN A 89.221.220.56
yyy.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.yyy.ds-domena-017.pl. 3600 IN A 89.221.220.56
zzz.ds-domena-017.pl. 3600 IN A 89.221.220.56
www.zzz.ds-domena-017.pl. 3600 IN A 89.221.220.56
ds-domena-017.pl. 3600 IN SOA ns1.server-89-221-220-56.da.direct. hostmaster.ds-domena-017.pl. 2025051523 3600 3600 1209600 86400
;; Query time: 0 msec
;; SERVER: 89.221.220.56#53(89.221.220.56) (TCP)
;; WHEN: Mon May 19 10:32:27 CEST 2025
;; XFR size: 62 records (messages 1, bytes 1403)

 

Publikováno vDirect Admin Domény