allow-query or something else?

Kevin Darcy kcd at daimlerchrysler.com
Tue Jun 5 00:13:35 UTC 2001


See the documentation. Allow-recursion takes addresses, address ranges, or
named ACLs (which in turn ultimately refer to addresses and/or address ranges).


- Kevin

alexus wrote:

> allow-recursion which ip do i need specify? or should i specify domain
> names?
>
> can you suggest any documentation on that?
>
> ----- Original Message -----
> From: "Tim Maestas" <tmaestas at dnsconsultants.com>
> To: "alexus" <ml at db.nexgen.com>
> Cc: <bind-users at isc.org>
> Sent: Monday, June 04, 2001 7:45 PM
> Subject: Re: allow-query or something else?
>
> >
> >
> > I think what you are looking for is allow-recursion.
> >
> > -Tim
> >
> >
> >
> > On Mon, 4 Jun 2001, alexus wrote:
> >
> > >
> > > i'm sorry for not being clear
> > >
> > > basically what i want to do is restrict people from using my name server,
> > > but when i put allow-query i don't think it serves my domains anymore,
> > > 'cause neither root servers and/or secondary and/or primary nameserver that
> > > hosting this domain won't be able to access this nameserver.
> > >
> > > grr.. it sounds so unclear again:(
> > >
> > > let me put it this way..
> > >
> > > i have my box (nameserver) which is box.nexgen.com, plus i have some other
> > > box let's say box2.nexgen.com .. for example they hosting example.com domain
> > > box.nexgen.com being as a primary and box2.nexgen.com being as a secondary
> > > name server, after i add allow-query on box.nexgen.com i get this denied
> > > error message in logs file which is supposedly fine.. *BUT* my feeling is that
> > > after limiting query i also limiting everyone to see any changes that i do
> > > to that domain,
> > >
> > > in other words i want people from outside of my network (evil internet) to
> > > allow query only domains that i host and whoever is on my inside network
> > > (local network) to query whatever they want.
> > >
> > > ----- Original Message -----
> > > From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> > > To: <bind-users at isc.org>
> > > Sent: Monday, June 04, 2001 6:52 PM
> > > Subject: Re: allow-query or something else?
> > >
> > >
> > > >
> > > > alexus wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > I'm using bind 9.x and I serve few primary/secondary zones
> > > > >
> > > > > I want to limit use of query for anyone who's outside my network to domains
> > > > > that i serve only and not for anything else.. does anyone know how to do it?
> > > > >
> > > > > i put allow-query but, but then i start getting messages
> > > > >
> > > > > box named[18928]: client xxx.xx.xxx.xx#26353: query 'xxx.com/IN' denied
> > > > >
> > > > > i assuming my name server is not really serving those zones anymore even
> > > > > though it does for people who's on the list in allow-query..
> > > >
> > > >  I'm not sure what the problem is here. You want to restrict access to your
> > > > nameserver, and the log message above indicates that you denied a query. Isn't
> > > > that what you wanted?
> > > >
> > > > Or, does all of that xxx.xx.xxx.xx garbage indicate that you denied a query
> > > > that you shouldn't have? This isn't clear from your message...
> > > >
> > > >
> > > > - Kevin
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
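
Added example, not part of the original thread or of the BIND documentation: a named.conf sketch of the setup discussed above, where queries for the hosted zones stay open to everyone and recursion is limited to addresses named in an ACL. The ACL name, the address ranges, the secondary's address and the zone file name are constructed placeholders; example.com and the box/box2 roles are taken from the thread.

```conf
// Constructed example. Replace the placeholder addresses with real ones.
acl "internal" {
    127.0.0.1;
    192.0.2.0/24;            // placeholder for the local (inside) network
};

options {
    // Leave queries open so outside resolvers and the secondary can
    // still get answers for the zones this server hosts.
    allow-query { any; };

    // Only clients matching the ACL get recursion, i.e. lookups for
    // names this server is not authoritative for.
    allow-recursion { "internal"; };
};

zone "example.com" {
    type master;
    file "example.com.db";   // placeholder file name

    // Zone transfers only to the secondary (box2.nexgen.com in the
    // thread); 198.51.100.53 is a placeholder for its address.
    allow-transfer { 198.51.100.53; };
};
```

Running named-checkconf against the file catches syntax errors before named is reloaded.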




