Andrea wrote:
> Hi there,
> I'm setting up a secondary dns server with bind (the primary is a
> Microsoft DNS server).
> First of all I was wondering if I have to write this
>
> zone "xxx.it" {
> type slave;
> file "/var/slaves/xxx.it.zone";
> masters { xxx.xxx.xxx.xxx; };
> allow-transfer { xxx.xxx.xxx.xxx; };
> };
>

"allow-transfer" governs only *outbound* zone transfers, so you don't
need it on a slave unless it also has slaves of its own (i.e.
multi-level replication hierarchy), or you have apps/programs/clients
that do zone transfers specifically from this box. Note also that the
default setting for allow-transfer is "any", so unless you've restricted
it globally, you don't need to selectively re-enable it for each zone.


- Kevin