BIND ACL to restrict zone transfer by IP address

You need to define an ACL in /etc/named.conf or /etc/bind/named.conf.local (which file depends on your distribution). Let us say the IP addresses and are allowed to transfer your zones.

# vi named.conf or vi /etc/bind/named.conf.local

Here is a sample entry for domain (ns1 configuration):

acl trusted-servers {
    ; // ns1
    ; // ns2
};

zone "" {
    type master;
    file "/var/lib/bind/";
    also-notify { ; };
    notify yes;
    allow-transfer { trusted-servers; };
};

Next, add each zone. Please note that the ACL does nothing by itself: you must reference it in each zone's configuration block, i.e. put the line allow-transfer { trusted-servers; }; in every zone / domain you host. Alternatively, put allow-transfer { trusted-servers; }; in the options { } block, where it becomes the default for every zone that does not set its own; a zone you add later and forget about is then still protected.

Check the syntax with named-checkconf first, then restart named:

# /etc/init.d/named restart
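The page's own snippet has its addresses and zone name removed, so here is a complete, added example of the whole procedure for a primary server, not code from the original post. Everything in it is assumed for illustration: the zone names example.com and example.net, the zone file paths under /var/lib/bind/, the directory option, and the RFC 5737 documentation addresses 192.0.2.10 and 192.0.2.11 standing in for the secondaries. It shows the weak setting next to the corrected one and an options-level default so that zones without their own ACL are not left open.

```conf
// Added example, not from the original post.  Addresses are RFC 5737
// documentation addresses used as placeholders; replace with your own.
acl "trusted-servers" {
    192.0.2.10;     // ns2 (assumed secondary)
    192.0.2.11;     // ns3 (assumed secondary)
    127.0.0.1;      // lets you test from ns1 itself with host/dig
};

options {
    directory "/var/cache/bind";   // assumed; Debian-style layout
    // Default for every zone that does not override it: no transfers.
    // A zone added later without its own allow-transfer stays closed.
    allow-transfer { none; };
};

// WEAK: anyone on the Internet can pull the whole zone.  Kept here,
// commented out, only to show what the hardened block replaces.
// zone "example.com" {
//     type master;
//     file "/var/lib/bind/db.example.com";
//     allow-transfer { any; };
// };

// HARDENED: only the listed secondaries may transfer.  They are also
// notified on change so they pull the new serial promptly.
zone "example.com" {
    type master;
    file "/var/lib/bind/db.example.com";
    notify yes;
    also-notify { 192.0.2.10; 192.0.2.11; };
    allow-transfer { trusted-servers; };
};

// This zone sets nothing, so it inherits allow-transfer { none; }
// from options and cannot be transferred by anyone.
zone "example.net" {
    type master;
    file "/var/lib/bind/db.example.net";
};
```

Run named-checkconf against the file before restarting; a missing "};" in an acl or zone block is the most common reason the restart fails. An IP-based ACL is only as trustworthy as the addresses in it; if the secondaries are outside your own network, BIND also lets you require a TSIG key in allow-transfer (allow-transfer { key "name"; };), which is the stronger control.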

How do I test whether the zone transfer restrictions are working?

Use any UNIX DNS tool such as nslookup, host or dig. Run the test from an address that is not in the ACL; the transfer must be refused. Then run the same command from one of the trusted servers to confirm the secondaries can still pull the full zone. For example, the following uses the host command to request a zone transfer:

$ host -t axfr


;; Connection to for axfr failed: connection refused.
