samba - Aug 2016 - DNS zone transfer

Hello!
Own Samba 4.4.5 with BIND 9.9.7, and realized (in older Samba versions 
also) that the DNS zone transfer works when anyone makes the request, 
the update is correct only DC can.
This behavior seems "wrong", right?
Its block I (tried a few things, but without success).

Thank you

Hi Carlos,

Am 25.08.2016 um 18:48 schrieb Carlos A. P. Cunha via
samba:
> Own Samba 4.4.5 with BIND 9.9.7, and realized (in older Samba versions
> also) that the DNS zone transfer works when anyone makes the request,
> the update is correct only DC can.
> This behavior seems "wrong", right?
https://bugzilla.samba.org/show_bug.cgi?id=9634

The internal DNS disallows zone transfers and BIND_DLZ permits. That's a
bug of course and an inconsistent behaviour. However, it's still unfixed.


Regards,
Marc

Sorry to ask, here Bind is configured to not allow zone transfer except for
some IPs. I did tried to transfer AD zone from a machine which is not
allowed to transfer zones according to Bind configuration file, and that
machine was able to transfer what it should not...

Is there other points where Bind configuration file are useless? Is
documented somewhere? This to avoid relying on Bind configuration files
when it is ignored...

2016-08-25 19:19 GMT+02:00 Marc Muehlfeld via samba <samba at
lists.samba.org>:
> Hi Carlos,
>
> Am 25.08.2016 um 18:48 schrieb Carlos A. P. Cunha via samba:
> > Own Samba 4.4.5 with BIND 9.9.7, and realized (in older Samba versions
> > also) that the DNS zone transfer works when anyone makes the request,
> > the update is correct only DC can.
> > This behavior seems "wrong", right?
>
> https://bugzilla.samba.org/show_bug.cgi?id=9634
>
> The internal DNS disallows zone transfers and BIND_DLZ permits. That's
a
> bug of course and an inconsistent behaviour. However, it's still
unfixed.
>
>
> Regards,
> Marc
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>