Bind 4 question.. Disabling World lookups..
Cricket Liu
cricket at acmebw.com
Thu Apr 20 21:06:50 UTC 2000
> I have a server which is both an MX and a primary NS for our domain. What
> I'd like to do is disable named from resolving queries except for the local
> domain, but I'd still like the Mail software to be able to resolve MX
> queries for outgoing mail.
I described some setups like this in
http://www.acmebw.com/papers/securing.pdf.
> I tried removing the cache/./db.cache entry in named.boot, and then pointing
> the local resolv.conf file back to a server which can do world lookups for
> MX queries on the local machine.
That's close. If you have a BIND 4.9 name server, you
could just turn recursion off with:
    options no-recursion
You might want to put the cache directive back at that
point, just so named doesn't squawk at you.
> It would seem, however, that if named doesn't have a cache entry in
> named.boot it uses the local resolv.conf file to query the servers listed
> and provides information anyways.
No, that's not true. named doesn't read resolv.conf.
cricket
Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com
Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class! See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.
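Added example (not part of the original message): a Python check an operator can run to confirm recursion is off after the change described above, by sending an RD=1 MX query for an out-of-zone name and reading the RA bit in the reply header. The two sample reply headers are constructed, and the server address and name passed to probe() are whatever the operator supplies.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qtype=15, qid=0x1234):
    """Build a query with RD set; qtype 15 is MX, class is IN."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def recursion_status(response):
    """Read the reply header: is recursion offered, and were answers returned?"""
    if len(response) < 12:
        raise ValueError("short DNS message")
    _id, flags, _qd, ancount, nscount, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a response")
    return {"recursion_available": bool(flags & RA),
            "rcode": flags & 0x000F,
            "answers": ancount,
            "authority": nscount}

def probe(server, name, timeout=3.0):
    """Send one out-of-zone MX query over UDP to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return recursion_status(data)

# Constructed reply headers (12 bytes each), not captured traffic.
# Recursive server: QR, RD and RA set, one answer record.
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
# Recursion off: RA clear, no answers, authority count set as in a referral.
SAMPLE_NO_RECURSION = struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 0, 13, 0)

if __name__ == "__main__":
    for label, msg in (("recursive", SAMPLE_RECURSIVE),
                       ("no-recursion", SAMPLE_NO_RECURSION)):
        print(label, recursion_status(msg))
```

Run probe() from a host outside the local network as well as from the server itself, since the point of the change is what outside clients are offered.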