My DNS Server Doing Recursive Lookups for the World?
Nate Campi
nate at wired.com
Mon Feb 25 18:42:24 UTC 2002
On Mon, Feb 25, 2002 at 04:48:26PM +0000, eric at nnrp.callatg.com wrote:
> How do I keep from operating an "open" or "public" dns server?
>
> I want my dns server to:
>
> 1. Answer queries from the outside for servers in my own domains.
>
> 2. Do recursive lookups for my own users.
>
> I want to prevent people from the outside from configuring their
> systems to use my dns server for name resolution.
In named.conf, in the options{} section:

    allow-recursion { 127.0.0.1; 10.0.0.0/8; };  // a bare 10.0.0.0 would match only that one address, not the net
Put in the nets you want to allow. You can use acls too:
    acl recursive-nets {
        10.0.0.0/8;      // internal workstation net
        192.168.1.0/24;  // dev server net
    };
Then use the acl in your allow-recursion statement:
    allow-recursion { recursive-nets; };
Easier to comment things this way. The benefits are more apparent when
you also use acls for all your directives that take IPs (like
allow-transfer, also-notify, etc).
--
Nate Campi Job: hostmaster at lycos.com and root at wired.com
The only way to convince some people that HTML is about content, not
style is with a 2x4 <PLANK>.
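The pieces above put together as one complete BIND 9 named.conf, added here as an example (it is not from Nate's post): authoritative answers for a zone are open to everyone, recursion and cache reads are limited to an acl, and the same acl style is reused for transfers. The network ranges, the secondary's address, the zone name and the file paths are assumptions.

```conf
// Added example, not part of the original post. Nets, hosts and paths are assumed.

acl recursive-nets {
    127.0.0.1;          // the server itself
    10.0.0.0/8;         // internal workstation net (assumed)
    !192.168.1.66;      // "!" excludes a host; it must come before the /24 it is
                        // carved out of, because the first matching entry wins
    192.168.1.0/24;     // dev server net (assumed)
};

acl secondaries {
    192.0.2.53;         // our secondary name server (assumed, documentation prefix)
};

options {
    directory "/var/named";

    // Anyone may query; for the zones we are authoritative for that is the point.
    allow-query { any; };

    // Only our own nets get recursive service.
    allow-recursion { recursive-nets; };

    // Keep cache reads private too, otherwise outsiders can still read answers
    // that our users caused to be cached. BIND 9.4+ defaults this to the value
    // of allow-recursion; stating it keeps the intent explicit.
    allow-query-cache { recursive-nets; };

    // Zone transfers reuse an acl instead of bare addresses.
    allow-transfer { secondaries; };
    also-notify { 192.0.2.53; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
};
```

Run `named-checkconf` before reloading. To confirm the split works, query the server from a host outside recursive-nets: a name you are not authoritative for (`dig @ns1.example.com www.example.org A`) should come back REFUSED, while a name in example.com is still answered; from inside the acl, the first query succeeds and the reply carries the `ra` flag.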