Restricting Zone Transfers from Novell's DNS/DHCP Server
01 Aug 2001
You can restrict zone transfers (what BIND refers to as the xfrnets directive) from Novell's DNS/DHCP server. This ability is not exposed in the DNS/DHCP Management Console, but it is available and configurable at the zone level.
By configuring the "DNIP:Zone Out Filter" attribute on a Zone object, you can specify which addresses are allowed to request a zone transfer of that zone. The attribute is multi-valued, so you can add as many entries as you need. This attribute works the same as the xfrnets entry in a BIND named.boot configuration file.
Using the ConsoleOne utility, you can set up this attribute by performing the following steps:
1. Select the properties page from the desired DNS Zone object in NDS.
2. Select the "Other" tab.
3. Click Add and select "DNIP:Zone Out Filter."
4. Specify the network or address with optional Mask information.
The format is: Address&Mask, both in dotted form. For instance, if you want to allow zone transfers only to the address 127.0.0.1, the entry would read 127.0.0.1 with the subnet mask 255.255.255.255.
If you want to allow transfers to any address in the range of 127.0.xxx.xxx, the entry would read 127.0.0.0&255.255.0.0.
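Before entering values, it can help to check which requesters a set of Address&Mask entries would admit. The following Python sketch is an added example, not Novell code. It assumes that a requester matches when its address ANDed with the mask equals the entry's address ANDed with the mask, that an entry without a mask names a single host, and that anything broader than a /16 deserves a warning (an arbitrary example threshold).

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_filter(entry):
    """Parse one 'Address&Mask' value into (address_int, mask_int)."""
    addr_text, _, mask_text = entry.strip().partition("&")
    addr = int(ipaddress.IPv4Address(addr_text))
    # Assumption: an entry without a mask names a single host.
    mask = int(ipaddress.IPv4Address(mask_text)) if mask_text else FULL
    # A usable mask is a run of 1-bits followed only by 0-bits.
    inverted = mask ^ FULL
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous mask")
    return addr, mask

def is_allowed(client, entries):
    """True if the client address matches any filter entry (assumed semantics)."""
    ip = int(ipaddress.IPv4Address(client))
    for entry in entries:
        addr, mask = parse_filter(entry)
        if ip & mask == addr & mask:
            return True
    return False

def audit(entries, min_prefix=16):
    """Return warnings for malformed, overly broad or inconsistent entries."""
    warnings = []
    for entry in entries:
        try:
            addr, mask = parse_filter(entry)
        except ValueError as exc:
            warnings.append(f"{entry}: invalid ({exc})")
            continue
        prefix = bin(mask).count("1")
        if prefix < min_prefix:
            warnings.append(f"{entry}: /{prefix} is broader than /{min_prefix}")
        if addr & mask != addr:
            warnings.append(f"{entry}: address has bits set outside the mask")
    return warnings

if __name__ == "__main__":
    # The two entries from the text, plus two constructed bad entries.
    sample = ["127.0.0.1&255.255.255.255", "127.0.0.0&255.255.0.0",
              "0.0.0.0&0.0.0.0", "192.0.2.10&255.0.255.0"]
    for line in audit(sample):
        print("WARN", line)
    print(is_allowed("127.0.200.9", sample[:2]))
```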
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.