BIND configuration question
Greg Maccarone
gmaccarone at gmail.com
Wed Apr 27 12:53:19 UTC 2005
On 4/27/05, Ronald I. Nutter <ronald_nutter at georgetowncollege.edu> wrote:
> I have posted a couple of messages over the last few days. Guess I am
> not asking the question the right way. I am trying to restrict our
> external DNS server running BIND to only allow lookups to domains we are
> handling when those requests come from outside our network. I want our
> internal users (which will be coming from one of 5 class C ip ranges we
> are assigned) to be able to do recursive lookups, etc without any
> problems. I tried using the Secure Bind Template I found but the
> problem I ran into was that the server quits responding to any DNS
> requests when that is used. Another message I talked about referenced
> Split DNS but I don't think that is the right term to use for what I am
> trying to do.
>
> Suggestions ?
I would just make an ACL and include all the class C's that you want
to be able to recurse, and then in the named.conf under the options
statement add a line like:
allow-recursion { the-acl; };
That will only allow recursion for the IPs specified in the ACL, and
as long as you don't have an allow-query statement in there limiting
who you answer queries for, queries should be able to be answered for
any connecting host.
Hope this helps.
--
Greg Maccarone
gmaccarone at gmail.com
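
The configuration suggested in the reply above, written out as an added example that is not part of the original message. The ACL name the-acl is taken from the reply; the address ranges, directory path, zone name and zone file are constructed placeholders, and including the built-in localhost ACL is an assumption.

```conf
// named.conf fragment (added example; addresses and zone are placeholders)

// The internal class C ranges allowed to recurse. These are constructed
// documentation ranges, not the poster's real networks.
acl "the-acl" {
    localhost;          // built-in ACL: the server's own addresses (assumption)
    192.0.2.0/24;
    198.51.100.0/24;
    203.0.113.0/24;
    // ... remaining assigned /24 ranges go here
};

options {
    directory "/var/named";   // assumed path

    // Only clients matching the ACL get recursive lookups.
    allow-recursion { "the-acl"; };

    // No allow-query statement here: with none set, queries are answered
    // for any connecting host, so outside clients can still resolve names
    // in the zones this server is authoritative for.
};

// An authoritative zone served to everyone (placeholder name and file).
zone "example.edu" {
    type master;
    file "example.edu.zone";
};
```

Running named-checkconf against the file catches syntax errors before a reload. From an address outside the ACL, a dig query for a name the server is not authoritative for should come back without the ra flag set.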