bind zone in BIND 9

Don Stokes don at daedalus.co.nz
Sat Nov 16 01:07:44 UTC 2002


Hi Folks,

In BIND 8 I was able to restrict access to the BIND zone quite easily,
simply by refusing queries in all zones, and enabling for the zones I
wanted served, e.g.

	options {
		...
		recursion no;
		allow-query { none; };
	}

	zone "foo" {
		...
		allow-query { any; };
	}

This a query for "x.bar." would be refused, as would a query for
"version.bind.".  "x.foo." of course works fine, which is what I want.

With BIND 9 (9.2.1), the above configuration doesn't work.  "x.foo."
works fine, "x.bar." is refused, but "version.bind." is allowed.

(a) Why?!?!?

(b) How can I stop it, short of defining a completely separate
"bind" zone and then denying access to it?  This seems messy to me.

-- don


More information about the bind-users mailing list