From 5b05cd5a59ed7f1ca93324973ed4da31f8adcf42 Mon Sep 17 00:00:00 2001
From: Bart Geesink <bart.geesink@surf.nl>
Date: Wed, 3 Jul 2024 13:54:32 +0200
Subject: [PATCH] Bind: Disallow AXFR for the high availability zone

---
 roles/bind/templates/named.conf.options.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/bind/templates/named.conf.options.j2 b/roles/bind/templates/named.conf.options.j2
index 5c884184a..3e4b32dc2 100644
--- a/roles/bind/templates/named.conf.options.j2
+++ b/roles/bind/templates/named.conf.options.j2
@@ -7,6 +7,7 @@ options
         listen-on       port 53 { any; };
         listen-on-v6    port 53 { any; };
         allow-query     { any; };
+        allow-transfer  { none; };
         recursion       no;
         pid-file        "/run/named/named.pid";
         session-keyfile "/run/named/session.key";