allow-query or something else?

alexus ml at db.nexgen.com
Mon Jun 4 23:49:14 UTC 2001


should i just add

allow-recursion in options in /etc/named.conf ?


----- Original Message -----
From: "Tim Maestas" <tmaestas at dnsconsultants.com>
To: "alexus" <ml at db.nexgen.com>
Cc: <bind-users at isc.org>
Sent: Monday, June 04, 2001 7:45 PM
Subject: Re: allow-query or something else?


>
> I think what you are looking for is allow-recursion.
>
> -Tim
>
>
>
> On Mon, 4 Jun 2001, alexus wrote:
>
> >
> > i'm sorry for not being clear
> >
> > basically what i want to do is restrict people from using my name server,
> > but when i put allow-query i don't think it serves my domains anymore,
> > 'cause neither root servers and/or secondary and/or primary nameserver that
> > hosting this domain won't be able to access this nameserver.
> >
> > grr.. it sounds so unclear again:(
> >
> > let me put it this way..
> >
> > i have my box (nameserver) which is box.nexgen.com, plus i have some other
> > box let's say box2.nexgen.com .. for example they hosting example.com domain
> > box.nexgen.com being as a primary and box2.nexgen.com being as a secondary
> > name server, after i add allow-query on box.nexgen.com i get this denied
> > error message in logs file which is supposedly fine.. *BUT* my feeling is that
> > after limiting query i also limiting everyone to see any changes that i do
> > to that domain,
> >
> > in other words i want people from outside of my network (evil internet) to
> > allow query only domains that i host and whoever is on my inside network
> > (local network) to query whatever they want.
> >
> > ----- Original Message -----
> > From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> > To: <bind-users at isc.org>
> > Sent: Monday, June 04, 2001 6:52 PM
> > Subject: Re: allow-query or something else?
> >
> >
> > >
> > > alexus wrote:
> > >
> > > > Hi
> > > >
> > > > I'm using bind 9.x and I serve few primary/secondary zones
> > > >
> > > > I want to limit use of query for anyone who's outside my network to domains
> > > > that i serve only and not for anything else.. does anyone know how to do it?
> > > >
> > > > i put allow-query, but then i start getting messages
> > > >
> > > > box named[18928]: client xxx.xx.xxx.xx#26353: query 'xxx.com/IN' denied
> > > >
> > > > i assuming my name server is not really serving those zones anymore even
> > > > though it does for people who's on the list in allow-query..
> > >
> > > I'm not sure what the problem is here. You want to restrict access to your
> > > nameserver, and the log message above indicates that you denied a query. Isn't
> > > that what you wanted?
> > >
> > > Or, does all of that xxx.xx.xxx.xx garbage indicate that you denied a query
> > > that you shouldn't have? This isn't clear from your message...
> > >
> > >
> > > - Kevin
> > >
> > >
> > >
> >
> >
>
>
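
Added example, not part of the original thread or anyone's actual configuration: a BIND 9 named.conf fragment for the split discussed above, where outside clients may query only the hosted zones and inside clients may resolve anything. The ACL name "internal", the 192.168.0.0/24 network, the directory and the zone file name are assumptions; example.com is the zone name used in the thread.

```conf
// Constructed example for box.nexgen.com (primary for example.com).
// "internal" and its addresses are assumed placeholders for the local network.
acl "internal" {
    127.0.0.1;
    192.168.0.0/24;
};

options {
    directory "/var/named";              // assumed path

    // Too strict for a server that also hosts zones: this refuses ALL
    // queries from outside the ACL, including queries for example.com,
    // and produces the "query ... denied" log lines quoted in the thread.
    // allow-query { "internal"; };

    // Anyone may ask for data this server is authoritative for ...
    allow-query { any; };

    // ... but only internal clients may have it resolve other names.
    allow-recursion { "internal"; };
};

zone "example.com" {
    type master;
    file "example.com.db";               // assumed file name
};
```

With this in place an outside client still gets answers for example.com, while a query from outside for a name the server does not host is no longer resolved on its behalf.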


