Disable recursion externally, allow internally

Barry Margolin barmar at alum.mit.edu
Thu Apr 27 22:49:53 UTC 2006

In article <e2qo3s$12hc$1 at sf1.isc.org>,
 "milney_boy" <milneyboy at googlemail.com> wrote:

> Hello,
> I'm trying to set up a BIND (version 9.2 i think) server to host DNS
> for my domains.  I have set up a RHEL server with a public IP address
> and am now confguring BIND.
> As background info, my resolv.conf file has one "nameserver
> xxx.xxx.xxx.xxx" line, where xxx.xxx.xxx.xxx is the public IP address
> that I have given the server (I am not using NAT for this).
> I want to set up BIND to allow recursive queries when I do internal
> nslookups, but to not when a query comes from anywhere else.

You don't need views, you just need to use allow-query.

In the main options section, put "allow-query { internalhosts; };".  
Then in each public zone that you host, put "allow-query { any; };".

Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list