Use of ACLs

Barry Margolin barmar at genuity.net
Fri Jul 6 17:14:24 UTC 2001


In article <9i4r74$910 at pub3.rc.vix.com>,
Paco Orozco  <forozco at ecom5.eresmas.com> wrote:
>I don't understand how to use ACLs on DNS server. If I've got a
>primary server, everyone can access to its data, because it is the
>primary, so i can't limit access.
>
>Then if i've got a secondary server Can I limit access to its data?

Everyone needs to access the data on the secondary server, too, so that it
can be used when the primary server is down.  That's the purpose of a
secondary server, isn't it?

You might want to use allow-transfer to prevent anyone except the secondary
server and your administrative machines from performing zone transfers.
And if these are also intended to be used as resolvers, you could use
allow-recursion to limit this access to the clients on your network.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list