restricting on IP bases??
Barry Margolin
barmar at genuity.net
Tue Jul 3 14:35:08 UTC 2001
In article <9hsbr6$ffd at pub3.rc.vix.com>, hhoxha <hhoxha at atnet.com.al> wrote:
>
>Hi everybody.
>I am running a name server for our domain atnet.com.al
>we have a class C network 195.22.199.0 .
>Normally i allow query from any host at this class.
>But i want to disallow quering to my name server let say from
>some IP at this class.I mean single IP-s not subbnets .
>I have the name server configured with one ACL holding
>this C class and allow query only form this ACL
>and it is of the form
>acl trusted { 195.22.199/24;};
>But now i want some host within this range to not be able to make querys
>to my name server
>or at least non reqursive querys
>The first step i guess i creating another acl with these IP-s but i am
>in doubt what
>option to apply to this new acl.???
acl trusted { 195.22.199/24; };
acl untrusted { 195.22.199.123; };
allow-recursion { !untrusted; trusted; };
or:
acl trusted { !195.22.199.123; 195.22.199/24; };
allow-recursion { trusted; };
>And how does the named searches through acls ???does it checks the first
>in the list of acls
It process them in order.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list