Access Controll on bind 9?

Mark_Andrews at Mark_Andrews at
Wed Jun 19 08:10:03 UTC 2002

> I am trying to add a bit of access control on bind.  Basically I have
> domains hosted on the servers that I need to allow queries from everyone,
> but I only want select addresses to be able to use it as a caching name
> server.  If I could do an "allow-query" for the "." hint zone then that
> would be about perfect, but I tried that and bind says I can't do it.
> The only thing I can think of is running two copies of bind (well, two per
> server) and binding one to one ip and the other to another.  Then I could
> setup a firewall rule for the caching side IP to only allow certain traffic,
> and allow everything on the other IP but don't have a hint zone on that one.
> Seems like a big pain though, even if it would work.
> Does anyone have any ideas?
> Thanx

	options {
		allow-query { clients; };

	zone "" {
		allow-query { any; };

Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at

More information about the bind-users mailing list