Query Denied bind 9.4

Merton Campbell Crockett m.c.crockett at roadrunner.com
Tue Nov 27 02:42:19 UTC 2007


On 26 Nov 2007, at 10:35:00, Alan Clegg wrote:

> Dean Clapper wrote:
>> I made the changes in /etc/named.conf.
> I meant what machine (IP address, name, etc), not what file.   ;)
>
>> I created an acl for internal IPs and changed
>>
>> allow-query { any; };
>> to
>> allow-query {internals;};
>>
>> Since that name is my email server, I have to let the outside world query
>> only that name?  I don't want everyone to query everything, just the single
>> name right?
>
> Turning off queries on an authoritative nameserver is not what you are
> wanting to do...
>
> I'm guessing that you are wanting to turn off recursion, not turn off
> queries completely.

Probably want the following.

allow-query       { any; };
allow-query-cache { internals; };
allow-recursion   { internals; };

Allows BIND to answer queries for zones for which it is an authoritative
name server.  Internal users are allowed to perform recursive queries
and cached answers are only available to internal users.

If you are a name server for zones that are strictly internal, set
"allow-query { internals; };" in the zone statement.

Merton Campbell Crockett
m.c.crockett at roadrunner.com
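
An added example, not part of the original message: a small Python check that reads a named.conf and reports the effective allow-query list for each zone, plus whether recursion or cache access is left unrestricted, which is the split recommended above. It is not a full named.conf parser; the sample configuration, the ACL members and the zone names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample: the ACL members, zone names and file names are placeholders.
SAMPLE_CONF = """
acl internals { 127.0.0.1; 10.0.0.0/8; };
options {
    allow-query       { any; };
    allow-query-cache { internals; };
    allow-recursion   { internals; };
};
zone "example.com"  { type master; file "example.com.db"; };
zone "corp.example" { type master; file "corp.example.db";
                      allow-query { internals; }; };
"""

def block_body(text, start):
    """Return the text inside the first balanced { ... } at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def acl_settings(body):
    """Map each allow-* statement in a block to its address match list."""
    return {name: [e.strip() for e in elems.split(";") if e.strip()]
            for name, elems in re.findall(r"(allow-[\w-]+)\s*\{([^{}]*)\}\s*;", body)}

def audit(conf):
    """Report effective per-zone allow-query and unrestricted recursion/cache."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)  # strip comments
    opts_at = re.search(r"^\s*options\s*\{", conf, re.M)
    opts = acl_settings(block_body(conf, opts_at.start())) if opts_at else {}
    zones = {}
    for m in re.finditer(r'^\s*zone\s+"([^"]+)"', conf, re.M):
        own = acl_settings(block_body(conf, m.end()))
        # A zone-level allow-query overrides the options-level one (default: any).
        zones[m.group(1)] = own.get("allow-query", opts.get("allow-query", ["any"]))
    warnings = []
    for name in ("allow-query-cache", "allow-recursion"):
        if name not in opts:
            warnings.append(f"{name} is not set explicitly")
        elif "any" in opts[name]:
            warnings.append(f"{name} is open to any client")
    return {"zones": zones, "warnings": warnings}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

With the options-level allow-query changed to the internals ACL, as in the quoted change, the same check shows example.com inheriting the restriction, so outside clients would no longer get answers for the public zone.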