Dear Friends,
I am having a bind9 server configured with multiple zones, This is a standalone box. Now I want to configure slave to this. To configure slave I will have to go and edit the zone config file and add allow-transfer for each zone. What I am trying to achieve is Instead of defining allow transfer for each zone block I would like to define allow zone transfer at single place in config file. Future constraints I am considering are.
If in future we change the slave ip or add another slave I would like to keep config editing requirement to minimal. Also dns is mostlikely going to be used over internal network only.

So question here is

* Is it possible to define allow zone transfer at single place or I will have to define allow-transfer every individual zone block?
* IS there better approach to this?
* what trade-off is advisable in terms of security to achive more simplicity in terms of config and managing internal dns service?

Other Detais:-
OS:- centos7
APP Version:- bind9
ENV :- (chroot)

Thank you.

* Sure it's possible. You need to put the allow-transfer directive into the "Options" part of the main named.conf.

* None that I can think of

* Better read the full e-book from the link above.


Cheers

Thank For reply bathory

I've settled for global allow-transfer directive on master server and TSIG setup.

Regards