From: Artem Boldariev Date: Tue, 23 Nov 2021 13:04:51 +0000 (+0200) Subject: Mention that the allow-transfer option has been extended X-Git-Tag: v9.17.21~13^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=792ff02045492d007dcb16aae6405e2b470739d4;p=thirdparty%2Fbind9.git Mention that the allow-transfer option has been extended This commit updates both the reference manual and release notes with the information that 'allow-transfer' has been extended with additional "port" and "transport" options. --- diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 0562bbe6278..c69148989c4 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -2416,6 +2416,14 @@ for details on how to specify IP address lists. statement set in ``options`` or ``view``. If not specified, the default is to allow transfers to all hosts. + The transport level limitations can also be specified. In + particular, zone transfers can be restricted to a specific port and + DNS transport protocol by using the options ``port`` and + ``transport``. Zone transfers are currently only possible via the + TCP and TLS transports; either option can be specified. + + For example: ``allow-transfer port 853 transport tls { any; };`` + ``blackhole`` This specifies a list of addresses which the server does not accept queries from or use to resolve a query. Queries from these addresses are not diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 9fe3c2bfefc..8932ffcca16 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -35,7 +35,13 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- None. +- The ``allow-transfers`` option was extended to accept additional + ``port`` and ``transport`` parameters, to further restrict zone + transfers to a particular port and DNS transport protocol. Either of + these options can be specified. + + For example: ``allow-transfer port 853 transport tls { any; };`` + :gl:`#2776` Bug Fixes ~~~~~~~~~
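Review bot: in the doc/arm/reference.rst hunk, "either option can be specified" does not say whether ``port`` and ``transport`` may be combined, although the example directly below it uses both. Suggest "either or both options can be specified", if that is the intended behaviour. The paragraph also refers only to "the TCP and TLS transports", so it would help to spell out the values ``transport`` accepts as they are written in the configuration. The example pairs the new options with ``{ any; }``; a sentence stating that the address match list still applies alongside the port and transport restriction, or an example with a narrower match list, would keep readers from copying an unrestricted transfer ACL.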
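Review bot: the release note added in doc/notes/notes-current.rst names the option ``allow-transfers``, while the example in the same entry and the reference manual text use ``allow-transfer``. The plural form should be corrected so the note matches the actual option name. "Either of these options can be specified" carries the same ambiguity as the reference manual wording about whether both parameters may be given together, and should be reworded the same way.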