BIND DNS: Disable Dynamic Updates

Posted on in Categories , , , , , , , , , , last updated December 14, 2009

BIND9 dynamic updates allow remote servers to add, delete, or modify any entries in my zone file. How do I disable dynamic updates under BIND 9 (named) for any zone?

Dynamic updates can be risky, and disabling them is recommended. Another solution is to limit dynamic updates using ACLs and TSIG keys.

Linux / UNIX named Disable Dynamic Updates

Edit named.conf, run:
# vi named.conf
For each domain zone, set allow-update to none:

zone "cyberciti.com" IN {
  ....
  allow-update { none; };
  ...
}

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

1 comment

Leave a Comment