{"description": "Is it necessary for a secondary nameserver to receive zone data\nvia zone transfer from the primary server?  If not, follow the instructions in\nthis section. If so, see the next section for instructions on protecting zone\ntransfers.\nAdd or correct the following directive within <tt>/etc/named.conf</tt>:\n<pre>options {\n  allow-transfer { none; };\n  ...\n}</pre>", "rationale": "If both the primary and secondary nameserver are under your control,\nor if you have only one nameserver, it may be possible to use an external\nconfiguration management mechanism to distribute zone updates. In that case, it\nis not necessary to allow zone transfers within BIND itself, so they should be\ndisabled to avoid the potential for abuse.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Zone Transfers from the Nameserver", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml", "template": null}