Disable recursion externally, allow internally
Barry Margolin
barmar at alum.mit.edu
Thu Apr 27 22:49:53 UTC 2006
In article <e2qo3s$12hc$1 at sf1.isc.org>,
"milney_boy" <milneyboy at googlemail.com> wrote:
> Hello,
>
> I'm trying to set up a BIND (version 9.2 i think) server to host DNS
> for my domains. I have set up a RHEL server with a public IP address
> and am now confguring BIND.
>
> As background info, my resolv.conf file has one "nameserver
> xxx.xxx.xxx.xxx" line, where xxx.xxx.xxx.xxx is the public IP address
> that I have given the server (I am not using NAT for this).
>
> I want to set up BIND to allow recursive queries when I do internal
> nslookups, but to not when a query comes from anywhere else.
You don't need views, you just need to use allow-query.
In the main options section, put "allow-query { internalhosts; };".
Then in each public zone that you host, put "allow-query { any; };".
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list