Query denied errors on PTR records for delegated zone

Robert Spangler mlists at zoominternet.net
Tue Feb 23 00:54:20 UTC 2010


On Monday 22 February 2010 19:26, Geoff Sweet wrote:

>  I have tried several different attempts to make this work, and the only
> change that works is to set in the options allow-query{any;};.  However the
> problem with that is that it then permits anyone to make any query against
> my nameservers and I don't want that.

Isn't that the purpose of having a public DNS server? So others can get your public 
DNS information? You want them to be able to query your server for your 
information but not allow recursion.  By only allowing localhost, localnets 
and wemadenets, everyone else is blocked thus they cannot get your 
information.

> Can anyone here offer me some advice as to what I am doing wrong?  For
> reference here is my config file:
>
>  acl wemadenets { 66.150.173.0/26; };
>
>  options {
>          directory               "/var/named";
>          dump-file               "/var/named/data/cache_dump.db";
>          statistics-file         "/var/named/data/named_stats.txt";
>          memstatistics-file      "/var/named/data/named_mem_stats.txt";
>          allow-query             { localhost; localnets; wemadenets; };
>          allow-recursion         { wemadenets; };
>  };

Edit allow-query and allow any.  Then everyone can get your information and 
still not use your server for recursion.

I take it you are working off some sort of how-to for this.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org
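
The change suggested in this reply, written out as a named.conf fragment (an added example, not part of the original message or the poster's actual configuration). The `allow-query-cache` line and the zone name and file `example.com` / `example.com.zone` are assumptions that do not appear in the thread.

```conf
acl wemadenets { 66.150.173.0/26; };

options {
        directory               "/var/named";

        // Before: only local clients could query at all, so outside
        // resolvers were refused even for data this server is
        // authoritative for.
        // allow-query          { localhost; localnets; wemadenets; };

        // After: anyone may ask for authoritative data ...
        allow-query             { any; };

        // ... but only our own network gets recursion.
        allow-recursion         { wemadenets; };

        // Assumption (not in the original config): also keep cached
        // answers away from outside clients.
        allow-query-cache       { wemadenets; };
};

// Alternative (hypothetical zone name and file): leave the restrictive
// allow-query in options and open only the zones this server hosts.
// zone "example.com" {
//         type master;
//         file "example.com.zone";
//         allow-query { any; };
// };
```

Running `named-checkconf` on the edited file before reloading catches syntax errors in either variant.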


