More on advisory question

Barry Margolin barmar at bbnplanet.com
Fri Oct 8 20:24:31 UTC 1999


In article <Pine.GSO.4.05.9910081413510.15851-100000 at nic.com>,
Dave Wreski  <dave at nic.com> wrote:
>Why is the ACL 'trusted' not known?

How is BIND supposed to know what IP addresses you trust?  You have to
define it using an "acl" statement.  For example,

acl trusted { 192.168.10.0/24; 10.145.0.0/16; };

specifies that only addresses 192.168.10.x and 10.145.x.x are
trusted.

>Also, it states that 'unapproved query from ...' messages can be sent to a
>separate file using another syslog facility.  What is the facility that it
>uses?

Use the "security" category in the named.conf logging statement.

>Actually, how do I prevent unauthorized queries?  I'd like to prevent
>someone from doing:
>
># nslookup www.netscape.com ns.mydomain.com

How do you possibly think you can stop people on machines you have no
control over from typing that command?  All you can do is configure your
server so it won't answer them.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
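
The pieces named in this reply, put together as an added example (not part of the original post): the "acl" definition, an allow-query restriction so the server refuses clients outside it, and a logging channel for the "security" category. The channel name, log file path, zone file name and the choice to leave the authoritative zone open to everyone are assumptions.

```conf
// named.conf fragment (added example; names and paths are assumptions)

// The ACL must be defined before anything refers to it.
acl trusted { 192.168.10.0/24; 10.145.0.0/16; };

options {
    // Only trusted clients get answers by default, so an outside host
    // asking this server for www.netscape.com is refused.
    allow-query { trusted; };
};

// Zones this server is authoritative for normally still need to be
// answerable by everyone; override the global default per zone.
zone "mydomain.com" {
    type master;
    file "db.mydomain.com";        // hypothetical zone file name
    allow-query { any; };
};

logging {
    // Dedicated file for approval/denial messages such as
    // "unapproved query from ...".
    channel security_log {
        file "/var/log/named-security.log" versions 5 size 10m;  // hypothetical path
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category security { security_log; };
};
```

Refused queries still arrive and are logged; the server just does not answer them.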

