ACLs

An Access Control List is a list of CIDR blocks or IP addresses (IPv4 or IPv6), and optionally TSIG keys, to be applied as permissions so that a zone under our administration can be transferred to a $

The transfer action is known as AXFR, and by default, it is completely denied, so a list of authentication conditions must be explicitly defined.

The purpose of an ACL is to be applied to a zone so that the zone can be transferred to a server outside our networks, for example when a client requires a copy of their zones on their own servers.

This occurs when a domain is marked as allowed to transfer, in which case it is mandatory to assign it an ACL to determine the transfer permissions. The “transfer permissions” are requirements that must be $

If you want to mass-mark a large number of domains as allowed to transfer with an ACL, it is more convenient to use the PDNS API instead of doing it through the web interface.

Step-by-step guide to creating an ACL

Within your company section, on the left side, click on Company ACLs.

Then go to +Add ACL, assign a name, and click SAVE.

Once created, click on Components. From there you can use the options +IPv4 address, +IPv4 block, +IPv6 block, or +HMAC-SHA256 TSIG Key.

For this example, we will use +IPv4 address.

The recently added IP is now enabled for AXFR transfers.
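
As an added illustration (not code from the PDNS product or its API), the following Python example models the default-deny AXFR behaviour and the four component types listed above, and flags blocks too broad to be useful as a restriction. It assumes that any single matching component is enough to permit the transfer, which this page does not state; the tuple format, function names, key name and prefix thresholds are hypothetical.

```python
import ipaddress

# Constructed sample ACL using the four component types the page lists.
# Addresses are documentation ranges; the key name is hypothetical.
SAMPLE_ACL = [
    ("ipv4_address", "192.0.2.53"),
    ("ipv4_block", "198.51.100.0/24"),
    ("ipv6_block", "2001:db8:53::/48"),
    ("tsig_hmac_sha256", "customer-axfr-key"),
]

def _normalize(ip_text):
    """Parse a source address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text)
    return getattr(ip, "ipv4_mapped", None) or ip

def axfr_allowed(acl, source_ip, verified_tsig_key=None):
    """Return True only if some ACL component matches; otherwise deny.

    Assumption: one matching component is sufficient. verified_tsig_key is
    the name of a key whose signature the server already validated, or None.
    """
    ip = _normalize(source_ip)
    for kind, value in acl:
        if kind == "tsig_hmac_sha256":
            if verified_tsig_key is not None and verified_tsig_key == value:
                return True
        elif kind == "ipv4_address":
            if ip == ipaddress.ip_address(value):
                return True
        else:  # ipv4_block / ipv6_block
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return True
    return False  # default: AXFR is denied

def audit_acl(acl, min_v4_prefix=16, min_v6_prefix=32):
    """Flag blocks broader than the (assumed) thresholds."""
    findings = []
    for kind, value in acl:
        if kind in ("ipv4_block", "ipv6_block"):
            net = ipaddress.ip_network(value, strict=False)
            limit = min_v4_prefix if net.version == 4 else min_v6_prefix
            if net.prefixlen < limit:
                findings.append(f"{value}: /{net.prefixlen} is broader than /{limit}")
    return findings
```

An empty ACL denies every request, and a source that reaches the server as an IPv4-mapped IPv6 address is matched against the IPv4 components.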