change allow-transfer default to "none"

Changed the default value for 'allow-transfer' to 'none'; zone
transfers now require explicit authorization.

Updated all system tests to specify an allow-transfer ACL when needed.

Revised the ARM to specify that the default is 'none'.

diff --git a/bin/named/config.c b/bin/named/config.c
index 56e58d285a5f598a442ceb746aafe6485cddc01f..38ddc7ca238be60bcaf66c2d5bfb71af11b7681c 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -207,7 +207,7 @@ options {\n\
        /* zone */\n\
        allow-query {any;};\n\
        allow-query-on {any;};\n\
-       allow-transfer {any;};\n\
+       allow-transfer {none;};\n\
 #      also-notify <none>\n\
        check-integrity yes;\n\
        check-mx-cname warn;\n\

diff --git a/bin/tests/system/addzone/ns1/named.conf.in b/bin/tests/system/addzone/ns1/named.conf.in
index 8c94791c8a22db7d9daf3de33fd8dbc7146b41bd..30731c46a62ced58970c0f17cf2936f539d90736 100644 (file)
--- a/bin/tests/system/addzone/ns1/named.conf.in
+++ b/bin/tests/system/addzone/ns1/named.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        allow-query { any; };
        allow-new-zones yes;
        recursion no;

diff --git a/bin/tests/system/addzone/ns3/named1.conf.in b/bin/tests/system/addzone/ns3/named1.conf.in
index 117ca76204c46c9f5ecaea73ed7e9eb9210512c7..ba7476be93222da3e08ab254ba3797df6ea8de8e 100644 (file)
--- a/bin/tests/system/addzone/ns3/named1.conf.in
+++ b/bin/tests/system/addzone/ns3/named1.conf.in
@@ -23,6 +23,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
        allow-query { any; };
+       allow-transfer { any; };
        recursion no;
        allow-new-zones yes;
        dnssec-validation no;

diff --git a/bin/tests/system/addzone/ns3/named2.conf.in b/bin/tests/system/addzone/ns3/named2.conf.in
index 2e95b4c257725ce527cdd5027dd229b69d9140a6..76e4b8a466d89c576a7cc5f5735cead94a18d985 100644 (file)
--- a/bin/tests/system/addzone/ns3/named2.conf.in
+++ b/bin/tests/system/addzone/ns3/named2.conf.in
@@ -23,6 +23,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
        allow-query { any; };
+       allow-transfer { any; };
        recursion no;
        allow-new-zones yes;
        dnssec-validation no;

diff --git a/bin/tests/system/auth/ns1/named.conf.in b/bin/tests/system/auth/ns1/named.conf.in
index 9d0a517b68d0e17c59986b56a286e7c166b38947..7fdc1a1524ab7329f56c8ac3da6d582864b79c66 100644 (file)
--- a/bin/tests/system/auth/ns1/named.conf.in
+++ b/bin/tests/system/auth/ns1/named.conf.in
@@ -25,6 +25,8 @@ options {
 };
 
 view main in {
+       allow-transfer { any; };
+
        zone example.net {
                type primary;
                file "example.net.db";

diff --git a/bin/tests/system/autosign/ns1/named.conf.in b/bin/tests/system/autosign/ns1/named.conf.in
index 64214825954a2fea3c68d6e497ec4b79c71556bb..fb76b65dc90d4851fa07a48da485e4eb2d55caef 100644 (file)
--- a/bin/tests/system/autosign/ns1/named.conf.in
+++ b/bin/tests/system/autosign/ns1/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/autosign/ns2/named.conf.in b/bin/tests/system/autosign/ns2/named.conf.in
index eb0b08038617e3971222770d689293aaf86f5634..f4c555b0d762fae693184d08f5d1f3c7669ade62 100644 (file)
--- a/bin/tests/system/autosign/ns2/named.conf.in
+++ b/bin/tests/system/autosign/ns2/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/autosign/ns3/named.conf.in b/bin/tests/system/autosign/ns3/named.conf.in
index 2316de29326fdc419d649aad097dd2451c0e7114..3707a2c7c9d2c86dfc3091d7eadd0921493b4d8b 100644 (file)
--- a/bin/tests/system/autosign/ns3/named.conf.in
+++ b/bin/tests/system/autosign/ns3/named.conf.in
@@ -24,6 +24,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/cacheclean/ns1/named.conf.in b/bin/tests/system/cacheclean/ns1/named.conf.in
index 98d2b281be5c68cedf75e6b1b9ca19d01ac0109c..fa6fe276b2f59339eaa074b748fd793bfc7b8a32 100644 (file)
--- a/bin/tests/system/cacheclean/ns1/named.conf.in
+++ b/bin/tests/system/cacheclean/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/case/ns1/named.conf.in b/bin/tests/system/case/ns1/named.conf.in
index fa0d8084d8f61909dfd01a6b43c200ec1209a763..5e90084294ab07b1019001d7627637d5ff279611 100644 (file)
--- a/bin/tests/system/case/ns1/named.conf.in
+++ b/bin/tests/system/case/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        ixfr-from-differences yes;

diff --git a/bin/tests/system/case/ns2/named.conf.in b/bin/tests/system/case/ns2/named.conf.in
index fe0b52ca7a2d419cf45d8075a193ec1e49fe5b00..5ea648bfca3de14953ef20479939adc5c18eac15 100644 (file)
--- a/bin/tests/system/case/ns2/named.conf.in
+++ b/bin/tests/system/case/ns2/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        ixfr-from-differences yes;

diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
index 9de019b6b44ff83a07e41d60a80ca9c3a0914a1b..bef4751295bf216dd91921aedeede59bc96b8ce3 100644 (file)
--- a/bin/tests/system/catz/ns2/named1.conf.in
+++ b/bin/tests/system/catz/ns2/named1.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { fd92:7065:b8e:ffff::2; };
+       allow-transfer { any; };
        notify no;
        notify-delay 0;
        recursion no;

diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
index 99055688586a9d3312e1b100dc28a23d0525285e..ead45a85afa71b0c35f32c386e3b4e8b424e22f9 100644 (file)
--- a/bin/tests/system/catz/ns2/named2.conf.in
+++ b/bin/tests/system/catz/ns2/named2.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { fd92:7065:b8e:ffff::2; };
+       allow-transfer { any; };
        notify no;
        notify-delay 0;
        recursion no;

diff --git a/bin/tests/system/catz/ns3/named.conf.in b/bin/tests/system/catz/ns3/named.conf.in
index 59a75b0a295ab52248a885862fa8e42e73067f6a..934eced2a1bdf562e0bde94b8f8c7f9e67e797c1 100644 (file)
--- a/bin/tests/system/catz/ns3/named.conf.in
+++ b/bin/tests/system/catz/ns3/named.conf.in
@@ -27,6 +27,7 @@ options {
        provide-ixfr no;
        listen-on { 10.53.0.3; };
        listen-on-v6 { fd92:7065:b8e:ffff::3; };
+       allow-transfer { any; };
        notify no;
        notify-delay 0;
        recursion no;

diff --git a/bin/tests/system/catz/ns4/named.conf.in b/bin/tests/system/catz/ns4/named.conf.in
index 3ac60b2dd88e0e12acf86cf77b33e18a5ea0e7f1..75cb19e3ea76e418221714321bd2433a9a996a78 100644 (file)
--- a/bin/tests/system/catz/ns4/named.conf.in
+++ b/bin/tests/system/catz/ns4/named.conf.in
@@ -26,6 +26,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { fd92:7065:b8e:ffff::4; };
+       allow-transfer { any; };
        notify no;
        notify-delay 0;
        recursion no;

diff --git a/bin/tests/system/checknames/ns4/named.conf.in b/bin/tests/system/checknames/ns4/named.conf.in
index 841bb5904eccd2c661162897219712f90977f27b..7b121fe634059299a6782d6952b6f2f20b4bda94 100644 (file)
--- a/bin/tests/system/checknames/ns4/named.conf.in
+++ b/bin/tests/system/checknames/ns4/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation yes;
        check-names primary ignore;

diff --git a/bin/tests/system/checknames/ns5/named.conf.in b/bin/tests/system/checknames/ns5/named.conf.in
index dec85ec498c6a9079b4a85c5a4e18b7e463c099e..62c870bf7c187d15700b4ac03d3daafb1a9dc2c6 100644 (file)
--- a/bin/tests/system/checknames/ns5/named.conf.in
+++ b/bin/tests/system/checknames/ns5/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.5; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation yes;
        check-names master ignore;

diff --git a/bin/tests/system/dialup/ns1/named.conf.in b/bin/tests/system/dialup/ns1/named.conf.in
index a9c67775093aab2267058cb9272da3b4dfd7873b..75a497bca199fff692b97a47df618975549f7e6c 100644 (file)
--- a/bin/tests/system/dialup/ns1/named.conf.in
+++ b/bin/tests/system/dialup/ns1/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        heartbeat-interval 1;
        recursion no;
        dnssec-validation no;

diff --git a/bin/tests/system/dialup/ns2/named.conf.in b/bin/tests/system/dialup/ns2/named.conf.in
index 166b463189ac5f387dff3eeae78e0afed7be7190..495e267058403feaf14051a6e6f296b8d12e7d7a 100644 (file)
--- a/bin/tests/system/dialup/ns2/named.conf.in
+++ b/bin/tests/system/dialup/ns2/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        heartbeat-interval 1;
        recursion no;
        dnssec-validation no;

diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in
index 6a3e6ca4a7cb0e41cc705a1bbbf7369e98f557fe..6e9ccf68a92c32d9af5a6549537638f722c261a2 100644 (file)
--- a/bin/tests/system/dnssec/ns2/named.conf.in
+++ b/bin/tests/system/dnssec/ns2/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/dnssec/ns3/named.conf.in b/bin/tests/system/dnssec/ns3/named.conf.in
index f3675f4c31406441cb124482ea8e6b3054a71e00..d8f45a825a5c6f2a100b3e2898c610f5cc9d4f83 100644 (file)
--- a/bin/tests/system/dnssec/ns3/named.conf.in
+++ b/bin/tests/system/dnssec/ns3/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/inline/ns1/named.conf.in b/bin/tests/system/inline/ns1/named.conf.in
index da27c58c87a9076ab2f52519986dc5adac0c9c95..897e764ef962c6414277ae79e9ad8c17f401a40f 100644 (file)
--- a/bin/tests/system/inline/ns1/named.conf.in
+++ b/bin/tests/system/inline/ns1/named.conf.in
@@ -23,6 +23,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/inline/ns2/named.conf.in b/bin/tests/system/inline/ns2/named.conf.in
index e367b6052fca393c273a0530161313cf609082f7..30c8af3e8f2f33aa5f613f8267bcc1f2d1421de6 100644 (file)
--- a/bin/tests/system/inline/ns2/named.conf.in
+++ b/bin/tests/system/inline/ns2/named.conf.in
@@ -27,6 +27,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        notify-delay 0;

diff --git a/bin/tests/system/inline/ns3/named.conf.in b/bin/tests/system/inline/ns3/named.conf.in
index ff91985cf47f7ee81b83ac2eabb0f698b46eb21b..8c6a41c034832a5931a49884e4ead1eab8c9e378 100644 (file)
--- a/bin/tests/system/inline/ns3/named.conf.in
+++ b/bin/tests/system/inline/ns3/named.conf.in
@@ -28,6 +28,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
        recursion no;
+       allow-transfer { any; };
        notify yes;
        try-tcp-refresh no;
        notify-delay 0;

diff --git a/bin/tests/system/inline/ns4/named.conf.in b/bin/tests/system/inline/ns4/named.conf.in
index c0745f40ffb540e5a92ef3be21955c82111b2357..42a21bdcedf06d465f7f1ba6d6ecc5c81900c504 100644 (file)
--- a/bin/tests/system/inline/ns4/named.conf.in
+++ b/bin/tests/system/inline/ns4/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        notify-delay 0;

diff --git a/bin/tests/system/ixfr/ns1/named.conf.in b/bin/tests/system/ixfr/ns1/named.conf.in
index 48fc1cd01cb9c87f2021275aeff11848ddca4204..1bf58a7f3cdef6c01b90e74dd68c1aba34aeb705 100644 (file)
--- a/bin/tests/system/ixfr/ns1/named.conf.in
+++ b/bin/tests/system/ixfr/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation no;

diff --git a/bin/tests/system/ixfr/ns4/named.conf.in b/bin/tests/system/ixfr/ns4/named.conf.in
index ae6657e13e9579b968252950d7e27a9ba4e8b8a9..83cc318ec24a804ee0050fabb58f67e8775a1919 100644 (file)
--- a/bin/tests/system/ixfr/ns4/named.conf.in
+++ b/bin/tests/system/ixfr/ns4/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation no;

diff --git a/bin/tests/system/ixfr/ns5/named.conf.in b/bin/tests/system/ixfr/ns5/named.conf.in
index e1056fc589a700b7576d7dfe1d9613dfb47902ef..03c8f86732d428a43909b2599b176c9d5f50981f 100644 (file)
--- a/bin/tests/system/ixfr/ns5/named.conf.in
+++ b/bin/tests/system/ixfr/ns5/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.5; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        provide-ixfr no;

diff --git a/bin/tests/system/kasp/ns4/named.conf.in b/bin/tests/system/kasp/ns4/named.conf.in
index dd245ca919417516e4ca2ad4ecb78e06c989a8f9..df02b2d46291511281010dc12e4cb15d8d38c9a4 100644 (file)
--- a/bin/tests/system/kasp/ns4/named.conf.in
+++ b/bin/tests/system/kasp/ns4/named.conf.in
@@ -64,6 +64,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-policy "test";
        dnssec-validation no;

diff --git a/bin/tests/system/kasp/ns5/named.conf.in b/bin/tests/system/kasp/ns5/named.conf.in
index 643e6494c6e6a794387fd1c001659fe7bae6c001..958510359d35b92b96fee2c7c45c3d9cf8e646dd 100644 (file)
--- a/bin/tests/system/kasp/ns5/named.conf.in
+++ b/bin/tests/system/kasp/ns5/named.conf.in
@@ -49,6 +49,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.5; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-policy "none";
        dnssec-validation no;

diff --git a/bin/tests/system/masterfile/ns1/named.conf.in b/bin/tests/system/masterfile/ns1/named.conf.in
index 4203aae917c190442eac59f93cf628b0305ceea6..788eaa646b022bf439fa8302e79b0214c6d7d3f6 100644 (file)
--- a/bin/tests/system/masterfile/ns1/named.conf.in
+++ b/bin/tests/system/masterfile/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation no;

diff --git a/bin/tests/system/masterfile/ns2/named.conf.in b/bin/tests/system/masterfile/ns2/named.conf.in
index e1e8dc2bf6bf522c72e46569e062169b40b3f437..6333b05f40d422c9761e981ddb0d9a77dcdd97fa 100644 (file)
--- a/bin/tests/system/masterfile/ns2/named.conf.in
+++ b/bin/tests/system/masterfile/ns2/named.conf.in
@@ -21,6 +21,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/mirror/ns1/named.conf.in b/bin/tests/system/mirror/ns1/named.conf.in
index 22173f7996cab2ce630780df2248f172ff39c5e7..32f6d2e29c0ef756f9e6d7902fb7189c3611837b 100644 (file)
--- a/bin/tests/system/mirror/ns1/named.conf.in
+++ b/bin/tests/system/mirror/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
 };

diff --git a/bin/tests/system/mirror/ns2/named.conf.in b/bin/tests/system/mirror/ns2/named.conf.in
index 7eaed5b11f2a418b111ec67194de5582ac762f3d..57261bfc0732b9fd20137508eee23d631848b511 100644 (file)
--- a/bin/tests/system/mirror/ns2/named.conf.in
+++ b/bin/tests/system/mirror/ns2/named.conf.in
@@ -28,6 +28,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
 };

diff --git a/bin/tests/system/notify/ns2/named.conf.in b/bin/tests/system/notify/ns2/named.conf.in
index 3f16e229dbe0dff2fd951f6d034a40b1ad84537f..a71a799ce1dfe2fabb98dc30f58fa1d13c3ff982 100644 (file)
--- a/bin/tests/system/notify/ns2/named.conf.in
+++ b/bin/tests/system/notify/ns2/named.conf.in
@@ -20,6 +20,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        notify yes;
        startup-notify-rate 5;

diff --git a/bin/tests/system/notify/ns4/named.conf.in b/bin/tests/system/notify/ns4/named.conf.in
index 2f0b930b42577259362bfc051d03ae99c20d3e0c..ce6373d605689dff77f75b9003d42ee791076757 100644 (file)
--- a/bin/tests/system/notify/ns4/named.conf.in
+++ b/bin/tests/system/notify/ns4/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        notify yes;
        dnssec-validation no;

diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
index 3104bc7b6ae3a0edc1ba74eb65282ec0b9c8b077..5bdaa57456ba11cb57d24b451d81bcb89e799977 100644 (file)
--- a/bin/tests/system/notify/ns5/named.conf.in
+++ b/bin/tests/system/notify/ns5/named.conf.in
@@ -34,6 +34,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.5; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        notify yes;
        dnssec-validation no;

diff --git a/bin/tests/system/rpz/ns1/named.conf.in b/bin/tests/system/rpz/ns1/named.conf.in
index 8b466f0f36925c51726fc7666c83acef3dd74e2f..e7af61d073764364917f826ac1d9e61b2255544a 100644 (file)
--- a/bin/tests/system/rpz/ns1/named.conf.in
+++ b/bin/tests/system/rpz/ns1/named.conf.in
@@ -20,6 +20,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify no;
        minimal-responses no;
        dnssec-validation no;

diff --git a/bin/tests/system/rpz/ns10/named.conf.in b/bin/tests/system/rpz/ns10/named.conf.in
index d645e381c7aa1bb7e8e687ba41f99f1a1860166d..2cbb6ee838a9aceeadc76eda4132e8ecb8873118 100644 (file)
--- a/bin/tests/system/rpz/ns10/named.conf.in
+++ b/bin/tests/system/rpz/ns10/named.conf.in
@@ -20,6 +20,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.10; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify no;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rpz/ns2/named.conf.in b/bin/tests/system/rpz/ns2/named.conf.in
index 9b2ab3a81f0a98ec25e6bf2647c89bcd9865b545..617edd9e9d2735099be743fd09549c56d3858202 100644 (file)
--- a/bin/tests/system/rpz/ns2/named.conf.in
+++ b/bin/tests/system/rpz/ns2/named.conf.in
@@ -20,6 +20,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify no;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index b2ba42720c0b174b4273cf392bdae99eb826e711..51caae343137d94219d6d2d109583048466308ab 100644 (file)
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -25,6 +25,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify yes;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rpz/ns4/named.conf.in b/bin/tests/system/rpz/ns4/named.conf.in
index 909f1c63aaceef886012979b7a80d234756ec51d..a5ef523ced3f27ff6f95d190cf30220225e9d477 100644 (file)
--- a/bin/tests/system/rpz/ns4/named.conf.in
+++ b/bin/tests/system/rpz/ns4/named.conf.in
@@ -20,6 +20,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify no;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in
index 58b591b70dd38e53f8f4c9c5f3c2a06177fc4e79..e24d80e006426809d70f64c7066cb7e70cd0c558 100644 (file)
--- a/bin/tests/system/rpz/ns5/named.conf.in
+++ b/bin/tests/system/rpz/ns5/named.conf.in
@@ -25,6 +25,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.5; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        ixfr-from-differences yes;
        notify-delay 0;
        notify yes;

diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in
index 5c4b77437f9e2013c98c6fa88a1bec491466a615..09101eec06c05c78bbb32ff81047537e0fb99e47 100644 (file)
--- a/bin/tests/system/rpz/ns6/named.conf.in
+++ b/bin/tests/system/rpz/ns6/named.conf.in
@@ -21,6 +21,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.6; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        forward only;
        forwarders { 10.53.0.3; };
        minimal-responses no;

diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in
index 3aed1a2bb1a913ff6885d5eb980299c02c000d77..1eb209e3f3bde26664bed2034fb41adfdac4dde1 100644 (file)
--- a/bin/tests/system/rpz/ns7/named.conf.in
+++ b/bin/tests/system/rpz/ns7/named.conf.in
@@ -21,6 +21,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.7; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        minimal-responses no;
        recursion yes;
        dnssec-validation yes;

diff --git a/bin/tests/system/rpz/ns8/named.conf.in b/bin/tests/system/rpz/ns8/named.conf.in
index 87f6c8e3526207e2f03ca7036671499d18feb78e..de4b2a411b3941158a784c76f56d1c4669fcd485 100644 (file)
--- a/bin/tests/system/rpz/ns8/named.conf.in
+++ b/bin/tests/system/rpz/ns8/named.conf.in
@@ -25,6 +25,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.8; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify yes;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rpz/ns9/named.conf.in b/bin/tests/system/rpz/ns9/named.conf.in
index 6010082c8fc76fc5574ca8bde7396c725d6d4b52..5740193aeeb0ba8c49cbd9f50049ef1fa60c6ba4 100644 (file)
--- a/bin/tests/system/rpz/ns9/named.conf.in
+++ b/bin/tests/system/rpz/ns9/named.conf.in
@@ -25,6 +25,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.9; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        notify yes;
        minimal-responses no;
        recursion yes;

diff --git a/bin/tests/system/rrsetorder/ns1/named.conf.in b/bin/tests/system/rrsetorder/ns1/named.conf.in
index 98301c2e5b1dc6b22f2b63852a0d8557dcaa9681..2f1850d1d7f2269e724056dd7f5db441ace97e5c 100644 (file)
--- a/bin/tests/system/rrsetorder/ns1/named.conf.in
+++ b/bin/tests/system/rrsetorder/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify no;

diff --git a/bin/tests/system/serve-stale/ns1/named1.conf.in b/bin/tests/system/serve-stale/ns1/named1.conf.in
index d25611db0218d0c85b3b749d51c88116dcdd98e3..5b20f4afa4ee7cdecf101279959bc16910e76f40 100644 (file)
--- a/bin/tests/system/serve-stale/ns1/named1.conf.in
+++ b/bin/tests/system/serve-stale/ns1/named1.conf.in
@@ -28,6 +28,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        max-stale-ttl 3600;

diff --git a/bin/tests/system/serve-stale/ns1/named2.conf.in b/bin/tests/system/serve-stale/ns1/named2.conf.in
index 82e5e76550c591d7f889e4ec743ae731e5ebc5cb..d0bfdbe858f6c588b1058f20afd0b480257c4738 100644 (file)
--- a/bin/tests/system/serve-stale/ns1/named2.conf.in
+++ b/bin/tests/system/serve-stale/ns1/named2.conf.in
@@ -28,6 +28,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        max-stale-ttl 3600;

diff --git a/bin/tests/system/serve-stale/ns1/named3.conf.in b/bin/tests/system/serve-stale/ns1/named3.conf.in
index 4f6f17573a702cf445be1d9a0fb053d7d75d8cdc..22078635e089c90e064e0af912b02e8cb99e7cb2 100644 (file)
--- a/bin/tests/system/serve-stale/ns1/named3.conf.in
+++ b/bin/tests/system/serve-stale/ns1/named3.conf.in
@@ -28,6 +28,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        max-stale-ttl 20;

diff --git a/bin/tests/system/serve-stale/ns1/named4.conf.in b/bin/tests/system/serve-stale/ns1/named4.conf.in
index f2cc2a853c29f396e613eac5c6e9372245249f88..9bf2f76710bd252d7a8ef105d608e81ea382c19e 100644 (file)
--- a/bin/tests/system/serve-stale/ns1/named4.conf.in
+++ b/bin/tests/system/serve-stale/ns1/named4.conf.in
@@ -28,6 +28,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        max-stale-ttl 20;

diff --git a/bin/tests/system/timeouts/ns1/named.conf.in b/bin/tests/system/timeouts/ns1/named.conf.in
index b7d468b3822d20c275bff39616276ab760723af2..b093f86b1aa6f7dc91eb5d7c02f1a039280b629c 100644 (file)
--- a/bin/tests/system/timeouts/ns1/named.conf.in
+++ b/bin/tests/system/timeouts/ns1/named.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        dnssec-validation no;
        recursion no;
        notify no;

diff --git a/bin/tests/system/unknown/ns1/named.conf.in b/bin/tests/system/unknown/ns1/named.conf.in
index a4b98db7afb55524f4e58b0842b632fadbb56326..23fb632575aa913ac8543694b64481a15085b0e9 100644 (file)
--- a/bin/tests/system/unknown/ns1/named.conf.in
+++ b/bin/tests/system/unknown/ns1/named.conf.in
@@ -25,6 +25,8 @@ options {
 };
 
 view "in" {
+       allow-transfer { any; };
+
        zone "example." {
                type primary;
                file "example-in.db";

diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
index 721f4fe3407178edb8901bdf2934e17755630bce..79d66c2fa400457439aaf1f1159b417978e6633f 100644 (file)
--- a/bin/tests/system/upforwd/ns1/named.conf.in
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
@@ -26,6 +26,7 @@ options {
        listen-on { 10.53.0.1; };
        listen-on tls ephemeral { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/upforwd/ns2/named.conf.in b/bin/tests/system/upforwd/ns2/named.conf.in
index 2322aa198469c672b27df2802aac2957972c84c2..06cd8e5bb8adcd46f724aa2d0c9b2227e0700412 100644 (file)
--- a/bin/tests/system/upforwd/ns2/named.conf.in
+++ b/bin/tests/system/upforwd/ns2/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/upforwd/ns3/named1.conf.in b/bin/tests/system/upforwd/ns3/named1.conf.in
index b1e42f71cd140228c7c87c945fdf2fd9a9ef1852..df51f7bb2c2767a684fc3d138411856e225e01fa 100644 (file)
--- a/bin/tests/system/upforwd/ns3/named1.conf.in
+++ b/bin/tests/system/upforwd/ns3/named1.conf.in
@@ -21,6 +21,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on tls ephemeral { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/upforwd/ns3/named2.conf.in b/bin/tests/system/upforwd/ns3/named2.conf.in
index 1fe3e0488a0b380b245ed4517cd074283656546b..074c40a7513fb96e3217df1edbd2a6c342d0ffc3 100644 (file)
--- a/bin/tests/system/upforwd/ns3/named2.conf.in
+++ b/bin/tests/system/upforwd/ns3/named2.conf.in
@@ -21,6 +21,7 @@ options {
        listen-on { 10.53.0.3; };
        listen-on tls ephemeral { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/views/ns2/named1.conf.in b/bin/tests/system/views/ns2/named1.conf.in
index cab21869c8e95ac476ba543bd170207f132f569b..4fd3ee550138ae35979ea8b52344cf1101f64ebd 100644 (file)
--- a/bin/tests/system/views/ns2/named1.conf.in
+++ b/bin/tests/system/views/ns2/named1.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/views/ns2/named2.conf.in b/bin/tests/system/views/ns2/named2.conf.in
index ac861347a0cfe161398b0295282c98bbd9863baf..de312f10a5e5b4c949b08f70a74dc06620a1cd76 100644 (file)
--- a/bin/tests/system/views/ns2/named2.conf.in
+++ b/bin/tests/system/views/ns2/named2.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/views/ns2/named3.conf.in b/bin/tests/system/views/ns2/named3.conf.in
index d84cda96921ed5d1f834660ad93ce1b23d977716..4c25f30c75da4d32c4087fc4a97c8b4dbf7c66cb 100644 (file)
--- a/bin/tests/system/views/ns2/named3.conf.in
+++ b/bin/tests/system/views/ns2/named3.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify no;

diff --git a/bin/tests/system/xfer/ns1/named1.conf.in b/bin/tests/system/xfer/ns1/named1.conf.in
index 469e085d11646c5cebcdd426c46dc5f9695790a3..1f010ff8886955b803ed9e2828e9bc31c37dada2 100644 (file)
--- a/bin/tests/system/xfer/ns1/named1.conf.in
+++ b/bin/tests/system/xfer/ns1/named1.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns1/named2.conf.in b/bin/tests/system/xfer/ns1/named2.conf.in
index 401de479ecaaa78becb293f406db089a5def5260..3803b49056f7f062ee8ee1840daf216905426a2a 100644 (file)
--- a/bin/tests/system/xfer/ns1/named2.conf.in
+++ b/bin/tests/system/xfer/ns1/named2.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns1/named3.conf.in b/bin/tests/system/xfer/ns1/named3.conf.in
index b195986cdaca593ad9315468ec25ef3c39afd4c5..f22dd736403965c09404f17cd1b043d1087db7c4 100644 (file)
--- a/bin/tests/system/xfer/ns1/named3.conf.in
+++ b/bin/tests/system/xfer/ns1/named3.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns2/named.conf.in b/bin/tests/system/xfer/ns2/named.conf.in
index 6cb056b2a2c68be9c38ff08a223c680cb1c59122..761e112893a663846984240d99a3bf9e79006111 100644 (file)
--- a/bin/tests/system/xfer/ns2/named.conf.in
+++ b/bin/tests/system/xfer/ns2/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns3/named.conf.in b/bin/tests/system/xfer/ns3/named.conf.in
index b071e0cb330007738882bbf03261ea651dc2568f..1ee07d8bc612d2720a87bf39d489674bd5449fc5 100644 (file)
--- a/bin/tests/system/xfer/ns3/named.conf.in
+++ b/bin/tests/system/xfer/ns3/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.3; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion yes;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns4/named.conf.base.in b/bin/tests/system/xfer/ns4/named.conf.base.in
index e982715a5e25b2161e6bda45fbd41ea41f453095..4f98d4e4df7577d1357efc8c4b43d16302edbd15 100644 (file)
--- a/bin/tests/system/xfer/ns4/named.conf.base.in
+++ b/bin/tests/system/xfer/ns4/named.conf.base.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.4; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns6/named.conf.in b/bin/tests/system/xfer/ns6/named.conf.in
index 142383c89a80b7ff89cff7b6d4f2b3ff378f0c9f..8fd14bd7b1ec3ea70be82f0b6b2e90db1f0ecc7d 100644 (file)
--- a/bin/tests/system/xfer/ns6/named.conf.in
+++ b/bin/tests/system/xfer/ns6/named.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.6; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns7/named.conf.in b/bin/tests/system/xfer/ns7/named.conf.in
index 41ea1cbc2a2b26ae7a73d0000b3cc468a72e75ae..5861106633b23aac4172072adbf1b4b5fd4119a4 100644 (file)
--- a/bin/tests/system/xfer/ns7/named.conf.in
+++ b/bin/tests/system/xfer/ns7/named.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.7; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xfer/ns8/named.conf.in b/bin/tests/system/xfer/ns8/named.conf.in
index 88e738c1216d4d875d4561597978267465b7dc1f..3d476ba3661b20954878e24192fa035f5ee89e67 100644 (file)
--- a/bin/tests/system/xfer/ns8/named.conf.in
+++ b/bin/tests/system/xfer/ns8/named.conf.in
@@ -25,6 +25,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.8; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify no;

diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
index 76b51dfd6bec02bdde5acbcfc2bab1b788909a41..950268def411b81948524f6cc67fa9da84a85aaa 100755 (executable)
--- a/bin/tests/system/xfer/tests.sh
+++ b/bin/tests/system/xfer/tests.sh
@@ -255,7 +255,7 @@ status=$((status + tmp))
 
 n=$((n + 1))
 echo_i "check that a multi-message uncompressable zone transfers ($n)"
-$DIG axfr . -p ${PORT} @10.53.0.4 | grep SOA >axfr.out
+$DIG axfr . -p ${PORT} @10.53.0.4 | grep SOA >axfr.out || tmp=1
 if test $(wc -l <axfr.out) != 2; then
   echo_i "failed"
   status=$((status + 1))

diff --git a/bin/tests/system/xferquota/ns1/named.conf.in b/bin/tests/system/xferquota/ns1/named.conf.in
index e868318ae6b0a4ce6497a9eb8b9610303bcf7520..67f2e63f405aab1f6dd7e2aabefc278b901d4eac 100644 (file)
--- a/bin/tests/system/xferquota/ns1/named.conf.in
+++ b/bin/tests/system/xferquota/ns1/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.1; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify yes;

diff --git a/bin/tests/system/xferquota/ns2/named.conf.in b/bin/tests/system/xferquota/ns2/named.conf.in
index a82fa44c2bddb79db950d22e4cf87259ceddb754..6aaf525901c9ba5c734c2c7adb3030acee4eb9c3 100644 (file)
--- a/bin/tests/system/xferquota/ns2/named.conf.in
+++ b/bin/tests/system/xferquota/ns2/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        listen-on { 10.53.0.2; };
        listen-on-v6 { none; };
+       allow-transfer { any; };
        recursion no;
        dnssec-validation no;
        notify no;

diff --git a/bin/tests/system/zero/ns2/named.conf.in b/bin/tests/system/zero/ns2/named.conf.in
index 751eafdb0b37a36a80b9ebeb57cf958505453603..66291469001fde0a2821f80b9f139c09845e8705 100644 (file)
--- a/bin/tests/system/zero/ns2/named.conf.in
+++ b/bin/tests/system/zero/ns2/named.conf.in
@@ -21,6 +21,7 @@ options {
        listen-on-v6 { none; };
        recursion no;
        dnssec-validation no;
+       allow-transfer { any; };
 };
 
 zone "example" {

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 0e545295dbcc7484b812ffbbee554edfd9f33f86..4c0cc55e581fb75c3f353d629b7fc0b6dd86bd34 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3054,8 +3054,7 @@ for details on how to specify IP address lists.
    This specifies which hosts are allowed to receive zone transfers from the
    server. :any:`allow-transfer` may also be specified in the :any:`zone`
    statement, in which case it overrides the :any:`allow-transfer`
-   statement set in :namedconf:ref:`options` or :any:`view`. If not specified, the
-   default is to allow transfers to all hosts.
+   statement set in :namedconf:ref:`options` or :any:`view`.
 
    The transport level limitations can also be specified. In particular,
    zone transfers can be restricted to a specific port and/or DNS
@@ -3068,6 +3067,9 @@ for details on how to specify IP address lists.
    allows outgoing zone transfers to any host using the TLS transport
    over port 853.
 
+   If :any:`allow-transfer` is not specified, then the default is
+   ``none``; outgoing zone transfers are disabled.
+
 .. warning::
 
    Please note that incoming TLS connections are