4.3 Master configuration

You can specify, per zone, which remotes are allowed to request outgoing zone transfers (XFR) and which remotes are sent NOTIFY messages.

     remotes {
       slave { address 127.0.0.1@53; }
       any { address 0.0.0.0/0; }
       subnet1 { address 192.168.1.0/24; }
       subnet2 { address 192.168.2.0/24; }
     }
     zones {
       example.com {
         file "/var/zones/example.com";
         xfr-out subnet1, subnet2; # allow outgoing transfers
         notify-out slave;
         update-in subnet1; # only allow DNS UPDATE from subnet1
       }
     }

You can also secure outgoing XFRs with TSIG.

     keys {
       key0 hmac-md5 "Wg=="; # keyname algorithm secret
     }
     remotes {
       any { address 0.0.0.0/0; key key0; }
     }
     zones {
       example.com {
         file "/var/zones/example.com";
         xfr-out any; # uses 'any' remote secured with TSIG key 'key0'
       }
     }
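
The following Python sketch is an added example, not part of Knot DNS or its documentation. It checks a configuration in the syntax above for two ACL mistakes: an address whose prefix is shorter than intended (assuming the prefix is applied as a plain CIDR mask), and an xfr-out or update-in list that names a 0.0.0.0/0 remote with no TSIG key. The sample configuration, the remote name "signed" and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the syntax shown above; not a real deployment.
SAMPLE = '''
keys { key0 hmac-md5 "Wg=="; }
remotes {
  slave   { address 127.0.0.1@53; }
  any     { address 0.0.0.0/0; }
  signed  { address 0.0.0.0/0; key key0; }
  subnet1 { address 192.168.1.0/8; }   # prefix too short for this address
  subnet2 { address 192.168.2.0/24; }
}
zones {
  example.com {
    file "/var/zones/example.com";
    xfr-out any, subnet2;
    update-in subnet1;
  }
}
'''

REMOTE = re.compile(r'(\w+)\s*\{\s*address\s+([^;@\s]+)(?:@\d+)?\s*;\s*(?:key\s+(\w+)\s*;)?\s*\}')
ACL = re.compile(r'(xfr-out|update-in)\s+([^;]+);')

def parse_remotes(text):
    """Map remote name -> (address or CIDR, TSIG key name or None)."""
    return {n: (a, k or None) for n, a, k in REMOTE.findall(re.sub(r'#.*', '', text))}

def audit(text):
    """Return (remote, problem) pairs for risky ACL entries."""
    remotes, findings = parse_remotes(text), []
    for name, (addr, _key) in remotes.items():
        net = ipaddress.ip_network(addr, strict=False)
        if str(net.network_address) != addr.split('/')[0]:
            findings.append((name, f"host bits set: {addr} matches all of {net}"))
    for directive, names in ACL.findall(re.sub(r'#.*', '', text)):
        for name in (n.strip() for n in names.split(',')):
            if name not in remotes:
                findings.append((name, f"{directive} names an undefined remote"))
                continue
            addr, key = remotes[name]
            if ipaddress.ip_network(addr, strict=False).prefixlen == 0 and key is None:
                findings.append((name, f"{directive} open to every address without a TSIG key"))
    return findings

if __name__ == "__main__":
    for remote, problem in audit(SAMPLE):
        print(f"{remote}: {problem}")
```

In the sample, update-in subnet1 is meant to admit one subnet, but with the /8 prefix it admits every address beginning with 192, subnet2 included.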