Remove "allow-transfer {none;};" from bind_plugin.inc.php
Background
- ISPConfig-Master.example.com -> 10.0.0.1 (runs ISPConfig 3.1.15p2 as master)
- ISPConfig-Web.example.com -> 10.0.0.1 (runs ISPConfig 3.1.15p2 as slave)
- ISPConfig-Email.example.com -> 10.0.0.3 (runs ISPConfig 3.1.15p2 as slave)
- PowerDNS-Slave.example.com -> 10.0.0.3 (does NOT run ISPConfig)
- I installed ISPConfig on ISPConfig-Master.example.com and configured it as just a DNS server with the ISPConfig interface for the cluster. I also set up PowerDNS-Slave.example.com to be a PowerDNS "superslave" server so it will replicate any zone from any server I designate as a "supermaster", specifically ISPConfig-Master.example.com but also another server which is outside of ISPConfig's control.
- I added the following directives to /etc/bind/named.conf.options on ISPConfig-Master.example.com so it will notify PowerDNS-Slave.example.com and allow transfers whenever any zone changes:
  notify yes;
  also-notify { 10.0.0.3; };
  allow-notify { 10.0.0.3; };
  allow-transfer { 10.0.0.3; };
Problem
PowerDNS-Slave.example.com is notified when a zone changes, but fails to transfer the zone. After investigating, I discovered each zone on ISPConfig-Master.example.com has the directive allow-transfer {none;};. That setting overrides the global directive I added to /etc/bind/named.conf.options.
Solution
I modified /usr/local/ispconfig/server/plugins-available/bind_plugin.inc.php by commenting out lines 549 and 550:
// } else {
// $options .= " allow-transfer {none;};\n";
Request
Please consider putting the allow-transfer {none;}; directive in /etc/bind/named.conf.options and making the change I have described to /usr/local/ispconfig/server/plugins-available/bind_plugin.inc.php. This will protect zones from transfers while allowing the setting to be globally changed. This would be useful in cases like mine where there is one or more slave servers to which all zones need to be transferred.
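
The override described under Problem, as an added example that is not part of the original post or ISPConfig's own code: a small audit that reports, per zone, whether the effective allow-transfer list comes from the zone block or from the global options block. The zone names, file paths and both config snippets are constructed sample input, and the parser assumes comment-free config with at most one level of nested braces.

```python
import re

# Constructed sample input modeled on the setup described in the post.
OPTIONS_CONF = """
options {
    directory "/var/cache/bind";
    notify yes;
    also-notify { 10.0.0.3; };
    allow-notify { 10.0.0.3; };
    allow-transfer { 10.0.0.3; };
};
"""

ZONES_CONF = """
zone "example.com" {
    type master;
    allow-transfer {none;};
    file "/etc/bind/pri.example.com";
};
zone "example.org" {
    type master;
    file "/etc/bind/pri.example.org";
};
"""

ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}\s*;")
# Zone body may contain one level of nested { ... } (e.g. the ACL itself).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def acl(text):
    """Return the allow-transfer address list found in text, or None if absent."""
    m = ACL_RE.search(text)
    if m is None:
        return None
    return [a.strip() for a in m.group(1).split(";") if a.strip()]

def effective_transfer_acls(options_conf, zones_conf):
    """Map zone name -> (ACL, source); a zone-level setting wins over options."""
    global_acl = acl(options_conf)
    result = {}
    for name, body in ZONE_RE.findall(zones_conf):
        zone_acl = acl(body)
        result[name] = (zone_acl, "zone") if zone_acl is not None else (global_acl, "options")
    return result

if __name__ == "__main__":
    for zone, (addrs, src) in effective_transfer_acls(OPTIONS_CONF, ZONES_CONF).items():
        print(f"{zone}: allow-transfer {addrs} (from {src})")
```

Zones reported with source "zone" are the ones a change to the global allow-transfer will not reach.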