Access restriction from zone files.

Brett Simpson Simpsonb at hillsboroughcounty.org
Wed Jan 16 14:03:31 UTC 2002


So if I wanted to set up xyz.hillsboroughcounty.org & an abc.hillsboroughcounty.org
(in order to restrict them with allow-query) then I would have to
create a separate zone file for each? Or is there a way to group several
of them together in a separate zone file? Thanks.

Brett

>>> Pete Ehlke <pde at foad.org> 01/15/02 06:05PM >>>
* Brett Simpson <Simpsonb at hillsboroughcounty.org> said, on [020115 14:27]:
> So then I would have another zone called internal.hillsboroughcounty.org
> with pimsdbs.internal.hillsboroughcounty.org?
>

Well, you *could* do that, but it's not necessary. The apex of a zone
can have an A record. Try like this:

zone "pimsdbs.hillsboroughcounty.org" {
        type master;
        file "master/pimsdbs.hillsboroughcounty.org";
        allow-query { 1.2.3; 4.5.6.7; };
};

where the zone file for pimsdbs.hillsboroughcounty.org looks like this:

$TTL 86400
@  IN SOA  ns1.hillsboroughcounty.org.  root.ns1.hillsboroughcounty.org. (
                                        2002010310      ; serial
                                        6H              ; refresh
                                        30M             ; retry
                                        3D              ; expiry
                                        4H )            ; minimum
;; AUTHORITY SECTION:
        IN NS  ns2.hillsboroughcounty.org.
        IN NS  ns1.hillsboroughcounty.org.
        IN A   4.5.6.7


And you'd change the A record for pimsdb in hillsboroughcounty.org to
this:

pimsdb  IN NS ns1.hillsboroughcounty.org.
        IN NS ns2.hillsboroughcounty.org.

-Pete
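
The pattern from the reply above applied to the two names in the follow-up question, as an added example that is not part of either message: each name gets its own zone with the A record at the apex, and a shared `acl` keeps the client list in one place. The addresses (documentation ranges) and the ACL name `restricted-clients` are assumptions.

```python
# Added example. Addresses and the ACL name are constructed placeholders.
PARENT = "hillsboroughcounty.org"
NS = ["ns1.%s." % PARENT, "ns2.%s." % PARENT]
ACL_NAME = "restricted-clients"                 # hypothetical name
ACL_ADDRS = ["192.0.2.0/24", "198.51.100.7"]    # constructed
HOSTS = {"xyz": "192.0.2.10", "abc": "192.0.2.11"}  # constructed A records


def acl_stanza():
    """One named ACL so the client list is maintained in a single place."""
    return 'acl "%s" { %s };\n' % (ACL_NAME, " ".join(a + ";" for a in ACL_ADDRS))


def zone_stanza(host):
    """named.conf stanza: allow-query attaches to the zone, so one zone per name."""
    fqdn = "%s.%s" % (host, PARENT)
    return ('zone "%s" {\n        type master;\n'
            '        file "master/%s";\n'
            '        allow-query { "%s"; };\n};\n' % (fqdn, fqdn, ACL_NAME))


def zone_file(host, serial=2002010310):
    """Zone file whose apex carries the A record, as in the reply above."""
    rows = ["$TTL 86400",
            "@  IN SOA  %s  root.%s (" % (NS[0], NS[0]),
            "        %d ; serial" % serial,
            "        6H ; refresh",
            "        30M ; retry",
            "        3D ; expiry",
            "        4H ) ; minimum"]
    rows += ["        IN NS  %s" % ns for ns in NS]
    rows.append("        IN A   %s" % HOSTS[host])
    return "\n".join(rows) + "\n"


def delegation(host):
    """NS records that replace the host's A record in the parent zone."""
    return "".join("%s  IN NS %s\n" % (host, ns) for ns in NS)


if __name__ == "__main__":
    print(acl_stanza())
    for h in sorted(HOSTS):
        print(zone_stanza(h))
        print("; master/%s.%s\n%s" % (h, PARENT, zone_file(h)))
        print("; in the %s zone file\n%s" % (PARENT, delegation(h)))
```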



