Protecting a Slave Name Server from Abuse
3.10.1 Problem
You want to protect a slave name server from abuse by the maintainers of the zone.
3.10.2 Solution
Use the BIND 9 min-refresh-time, min-retry-time, max-transfer-time-in, max-transfer-idle-in, and additional-from-auth substatements.
min-refresh-time and min-retry-time guard against the zone's administrator setting the zone's SOA refresh or retry interval too low, whether by accident or deliberately: whatever the SOA record says, the slave never polls the master more often than the floor you configure (the values are in seconds, like the SOA fields they clamp). For example:

zone "bar.example" {
    type slave;
    masters { 192.168.0.199; };
    file "bak.bar.example";
    min-refresh-time 3600;    // 1 hour minimum refresh, whatever the SOA says
};
max-transfer-time-in and max-transfer-idle-in limit how long the name server will wait for an inbound transfer of the zone to complete, and how long it will wait while a transfer is idle (i.e., isn't making progress), so a slow or stalled master can't tie up the slave's transfer resources indefinitely. Unlike the refresh and retry floors, both are given in minutes. For example:

options {
    directory "/var/named";
    max-transfer-time-in 30;    // abort inbound transfers running longer than 30 minutes
    max-transfer-idle-in 15;    // abort inbound transfers that make no progress for 15 minutes
};
Finally, to keep the name server from adding records from the zones it is a slave for to the additional data section of responses, use the additional-from-auth options substatement. With additional-from-auth set to no, the server no longer consults its other authoritative zones (slave zones included) when filling in the additional section, so the maintainer of a slave zone can't use that zone to slip records into answers for other zones:

options {
    directory "/var/named";
    additional-from-auth no;
};
3.10.3 Discussion
You can use min-refresh-time, min-retry-time, max-transfer-time-in, and max-transfer-idle-in as options or zone substatements. As a zone substatement, the limit applies only to that zone. As an options substatement, the limit applies to all zones that don't have an explicit limit of their own, so a zone-level value always wins over the global one. additional-from-auth is an options (or view) substatement only; it can't be set per zone.
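The precedence described above, as an added example of a complete named.conf that is not from the book: global floors in options cover every slave zone, and a second zone run by a less trusted maintainer tightens them further. The second zone (baz.example) and its master address are assumptions for illustration; the first zone and address are the ones used in the recipe.

```conf
// Added example: global limits plus a stricter per-zone override.
options {
    directory "/var/named";
    min-refresh-time 1800;      // seconds: no slave zone polls its master more often than every 30 minutes
    min-retry-time 600;         // seconds: failed refreshes retried no more often than every 10 minutes
    max-transfer-time-in 30;    // minutes: abort inbound transfers running longer than this
    max-transfer-idle-in 15;    // minutes: abort inbound transfers making no progress for this long
    additional-from-auth no;    // never fill the additional section from other authoritative (incl. slave) zones
};

// Inherits every limit from the options statement.
zone "bar.example" {
    type slave;
    masters { 192.168.0.199; };
    file "bak.bar.example";
};

// Assumed zone run by a less trusted maintainer: the zone-level values override the options values.
zone "baz.example" {
    type slave;
    masters { 192.168.0.200; };     // assumed master address
    file "bak.baz.example";
    min-refresh-time 3600;          // 1 hour floor instead of the global 30 minutes
    min-retry-time 1800;            // 30 minute floor instead of the global 10 minutes
    max-transfer-time-in 10;        // give this master only 10 minutes per transfer
    max-transfer-idle-in 5;         // and drop it after 5 idle minutes
};
```

Run named-checkconf on the file before reloading the server; it catches the kind of brace and placement mistakes (for example, additional-from-auth inside a zone statement) that would otherwise keep named from starting.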
3.10.4 See Also
Section 1.17 for instructions on configuring a name server as a slave for a zone and "Zone Transfers" in Chapter 10 of DNS and BIND.