resolve remote domain only for localhost

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Jun 13 03:18:21 UTC 2004



Jonas Meurer wrote:
> hello,
> I have bind9 on my server, and it manages 2 domains without problems
> (master dns for these two). Anyway, I kept the root zone entry in
> named.conf, and later replaced it by a forwarders option, because I'd
> like to use the nameserver as normal ns for the system too, so it should
> resolve all domains existent.
> 
> the problem is, that some wicky guys seem to use my dns-server
> regularly what creates big amount of traffic (2.5GB last month).
> 
> how can I restrict 'lookup of remote domain' to localhost, and resolve
> only the 2 local domains to remote requests?

Do you mean, how can I restrict recursion? Use 'allow-recursion' in the 
options part. This will allow only the hosts specified to look up 
external domains (if not already in cache).
> 
> other way round: I like restrict usage of the forwarders-option, or of
> the root zone to localhost.
> 
> The problem is: both configuration options don't allow allow-query
> argument, so I have no clue about how to restrict access for these.
> 
You can use 'allow-query' per zone, and disallow it in the main options 
part.

Ladislav

> bye 
>  jonas
> 
> ps: as i'm not subscribed, please cc to my private mail
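The two suggestions from the reply, combined into one named.conf sketch. This is an added example, not configuration posted in the thread; the zone names, zone file names, directory and forwarder address are placeholders.

```conf
// Constructed example: zone names, file names, the directory and the
// forwarder address are placeholders, not values from the thread.

options {
    directory "/var/named";            // assumed path

    // Upstream resolvers for names this server is not authoritative for.
    forwarders { 192.0.2.53; };        // placeholder address

    // Only the server itself may trigger recursive lookups (and with
    // them the forwarders). "localhost" is a built-in BIND ACL that
    // matches the addresses of the local machine.
    allow-recursion { localhost; };

    // Default for everything not overridden in a zone statement:
    // only the server itself may query at all.
    allow-query { localhost; };
};

// The two authoritative zones re-open queries to everyone, so remote
// clients still get answers for these names and nothing else.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};

zone "example.net" {
    type master;
    file "db.example.net";
    allow-query { any; };
};
```

Run `named-checkconf` on the file before reloading. Afterwards, a query from an outside host for a name in one of the two zones should be answered, while a query for any other name should come back with status REFUSED.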