From 97bb9d87e5228ab9baf37898563ef96d98408a63 Mon Sep 17 00:00:00 2001 From: Chris O'Haver Date: Tue, 29 Jun 2021 22:09:23 -0400 Subject: [PATCH] fix to docs; add acl example (#4711) Signed-off-by: Chris O'Haver --- plugin/transfer/README.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/plugin/transfer/README.md b/plugin/transfer/README.md index 8924a1e79..a7c6dca7f 100644 --- a/plugin/transfer/README.md +++ b/plugin/transfer/README.md @@ -31,9 +31,29 @@ transfer [ZONE...] { `transfer.Transferer`. * `to` **ADDRESS...** The hosts *transfer* will transfer to. Use `*` to permit transfers to all - addresses. **ADDRESS** must be denoted in CIDR notation (e.g., 127.0.0.1/32) or just as plain - addresses. `to` may be specified multiple times. + addresses. Zone change notifications are sent to all **ADDRESS** that are an IP address or + an IP address and port e.g. `1.2.3.4`, `12:34::56`, `1.2.3.4:5300`, `[12:34::56]:5300`. + `to` may be specified multiple times. + +You can use the _acl_ plugin to further restrict hosts permitted to receive a zone transfer. +See example below. ## Examples -See the specific plugins using this plugin for examples on it's usage. +Use in conjuction with the _acl_ plugin to restrict access to subnet 10.1.0.0/16. + +``` +... + acl { + allow type AXFR net 10.1.0.0/16 + allow type IXFR net 10.1.0.0/16 + block type AXFR net * + block type IXFR net * + } + transfer { + to * + } +... +``` + +Each plugin that can use _transfer_ includes an example of use in their respective documentation. \ No newline at end of file