ACLs and zone ".", Why doesn't it work anymore?

Jim Reid jim at rfc1035.com
Mon Dec 20 22:10:48 UTC 1999


>>>>> "Jeremy" == Jeremy Fowler <jeremy at microlink.net> writes:

    Jeremy> I just upgraded my RH Linux server to 6.1. My old
    Jeremy> named.conf file had an acl for zone "." which was a quick
    Jeremy> and easy way for me to limit who used the DNS server for
    Jeremy> internet access. It worked fine with the version of Bind
    Jeremy> that shipped with RH Linux 5.2, but named crashes with it
    Jeremy> now. Is there a better (easier) way of limiting internet
    Jeremy> access without going through the hassle of setting up a
    Jeremy> proxy server? Not that I would mind setting one up, it's
    Jeremy> just I've never done it before.

If your named.conf file *really* crashes the name server, then there
is a serious bug in BIND that needs fixing. Submit a bug report.

It's also not clear what you're trying to do. Using an ACL to prevent
lookups of the root zone (=> most of the stuff under it) doesn't seem
to make sense. If you don't want users or applications to resolve
internet names, set up your own internal root zone. Blocking DNS
lookups to "limit internet access" doesn't seem a good idea either.
Wouldn't that job be better done by a firewall?
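
A sketch of the internal root zone suggested in the reply above, added here as an illustration and not part of the original message. The ACL name, the addresses (documentation ranges), the host names and the zone file name are all assumptions.

```conf
// named.conf fragment (constructed example)

// Clients allowed to query this server at all.
acl "internal" { 127.0.0.1; 192.0.2.0/24; };

options {
    directory "/var/named";
    // Refuse queries from anyone outside the ACL.
    allow-query { "internal"; };
};

// Internal root: this server answers authoritatively for ".".
// It replaces the usual 'type hint' root zone, so the server never
// learns the real root servers and names that are not in the internal
// tree get a negative answer instead of being resolved on the internet.
zone "." {
    type master;
    file "db.internal-root";
};

/*
   Contents of /var/named/db.internal-root (zone file syntax, constructed):

   $TTL 86400
   .    IN SOA ns1.corp.example. hostmaster.corp.example. (
               1999122001 ; serial
               3600       ; refresh
               900        ; retry
               604800     ; expire
               86400 )    ; negative-caching TTL
   .                  IN NS ns1.corp.example.
   ns1.corp.example.  IN A  192.0.2.53
*/
```

This controls name resolution only. Clients that already know an IP address, or that point at another resolver, are unaffected, which is why the reply points to a firewall for limiting access.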

