Stephane Bortzmeyer bortzmeyer at
Wed Nov 12 15:53:20 UTC 2003

On Wed, Nov 12, 2003 at 04:13:00PM +0100,
 Fridtjof Busse <fbusse at> wrote 
 a message of 18 lines which said:

> But I'd like to block all access in hosts.deny and only allow access to 
> all zones via hosts.allow to one host (secondary), no zone-specific 
> configuration (so I don't have to add another rule to hosts.allow every 
> time I create a new zone).
> Any way to do that?

Here is the way I do it:

ns2:~ % more /etc/hosts.deny 
# Block everything
ALL: ALL : spawn /bin/logger -i -p "%s REFUSED from %a (%h)" : deny

ns2:~ % more /etc/hosts.allow
# Allow for local network only
axfr:, : spawn /bin/logger -i -p "nsd zone transfer (%s) accepted from %a (%h)" : allow
# Per request from Slovenia
axfr-si: : spawn /bin/logger -i -p "nsd zone transfer (%s) accepted from %a (%h)" : allow

More information about the nsd-users mailing list