Restrict Recursive Queries
Mark_Andrews at isc.org
Wed Sep 25 21:20:58 UTC 2002
>
> I am an ISP and am wanting to restrict who uses my DNS server, I.E. my
> competitor's. I have a DNS (Bind 9.1.1, RH 7.1) server that serves as both
BIND 9.1.1 is well past its "use by" date.
http://www.cert.org/advisories/CA-2002-15.html
> a Name Server and Caching server. I think the following would be correct,
> but would like for someone to verify this for me:
>
> view "internal" {
>     match-clients { my.own.ip.block/24; };
>     recursion yes;
> };
>
> view "external" {
>     match-clients { any; };
>     recursion no;
> };
Views are overkill just to stop recursion. See allow-recursion
and allow-query. Allow-recursion allows read-only access to the
cache, allow-query doesn't, but you need to add "allow-query { any; };"
at the zone level as well as in options.
Mark
> Thanks,
>
> Kris McElroy
> kmcelroy at duracom.net
>
> Internet Systems Engineer
> Duracom, INC.
> www.duracom.net
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
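
The options-level approach suggested in the reply, sketched as a named.conf fragment. This is an added example, not configuration from either poster; the ACL name, the 192.0.2.0/24 block (standing in for the ISP's own address range), the zone name and the file paths are assumptions.

```conf
// Constructed example. 192.0.2.0/24 is a documentation prefix standing in
// for "my.own.ip.block/24"; the ACL name "customers" is hypothetical.
acl "customers" {
    192.0.2.0/24;
    localhost;
};

options {
    directory "/var/named";        // assumed path

    // Only the ISP's own clients may have the server recurse for them.
    // Per the reply, this alone still leaves the cache readable by others.
    allow-recursion { "customers"; };

    // Stricter default: queries are refused unless they come from
    // "customers". This also closes read access to the cache, but it
    // applies to every zone that does not override it.
    allow-query { "customers"; };
};

// Authoritative data must stay reachable from the whole Internet, so each
// zone the server is authoritative for overrides the restrictive default.
zone "example.com" {               // hypothetical customer zone
    type master;
    file "example.com.zone";       // assumed file name
    allow-query { any; };
};
```

Running `named-checkconf` against the edited file checks the syntax before named is reloaded.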