Access restriction from zone files.
Brett Simpson
Simpsonb at hillsboroughcounty.org
Wed Jan 16 14:03:31 UTC 2002
So if I wanted to setup xyz.hillsboroughcounty.org & a abc.hillsboroughcoun=
ty.org (in order to restrict them with allow-query) then I would have to =
create a separate zone file for each? Or is there a way to group several =
of them togethor in a separate zone file? Thanks.
Brett
>>> Pete Ehlke <pde at foad.org> 01/15/02 06:05PM >>>
* Brett Simpson <Simpsonb at hillsboroughcounty.org> said, on [020115 14:27]:
> So then I would have another zone called internal.hillsboroughcounty.org =
with pimsdbs.internal.hillsboroughcounty.org?
>=20
Well, you *could* do that, but it's not necessary. The apex of a zone
can have an A record. Try like this:
zone "pimsdbs.hillsboroughcounty.org" {
type master;
file "master/pimsdbs.hillsboroughcounty.org";
allow-query { 1.2.3; 4.5.6.7; };
};
where the zone file for pimsdbs.hillsboroughcounty.org looks like this:
$TTL 86400
@ IN SOA ns1.hillsboroughcounty.org. root.ns1.hillsboroughcounty.org. (
2002010310 ; serial
6H ; refresh
30M ; retry
3D ; expiry
4H ) ; minimum
=20
=20
;; AUTHORITY SECTION:
IN NS ns2.hillsboroughcounty.org.
IN NS ns1.hillsboroughcounty.org.
IN A 4.5.6.7
And you'd change the A record for pimsdb in hillsbroughcounty.org to
this:
pimsdb IN NS ns1.hillsboroughcounty.org.
IN NS ns2.hillsboroughcounty.org.
-Pete
More information about the bind-users
mailing list