BIND DNS: Disable Dynamic Updates

BIND9 dynamic updates allow remote servers to add, delete, or modify any entries in my zone file. How do I disable dynamic updates under BIND 9 (named) for any zone?

Dynamic updates can be risky, and disabling them is recommended. Another solution is to limit dynamic updates using ACLs and TSIG keys.

Linux / UNIX named Disable Dynamic Updates

Edit named.conf, run:
# vi named.conf
For each domain zone, set allow-update to none:

zone "cyberciti.com" IN {
  ....
  allow-update { none; };
  ...
}

🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • Tony Dec 23, 2009 @ 16:31

    The default mode for ‘allow-update’ is ‘none’ in Bind 9.

    You should have no need to disable this in a per domain basis.

    Tony.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @ webmaster@cyberciti.biz