Bind9 ACLs
#1

I'm trying to set up Bind9 so that people can't point their DNS server addresses to my box and do lookups off my server, but still have them able to query my DNS server for the domains it's authoritative for.

 

My named.conf

acl bogusnets {0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;};

options {
    directory "/var/named";
    version ":P";
    blackhole { bogusnets; };
    allow-recursion { none; };
};

zone "xyz.ca" {
    type master;
    file "data/named.xyz.ca";
    allow-query { any; };
};

 

The only way I've been able to stop people from doing lookups off my server is by setting recursion to none. I would like my localnet to have the option of doing lookups off my box, so I need a better-suited way of controlling who does lookups off my box.

I have read about views, and I won't be serving different content to my localnet, so I don't think I require them.

 

Version info

bind-utils-9.3.1-4
bind-chroot-9.3.1-4
bind-libs-9.3.1-4
ypbind-1.17.2-5

2.6.11-1.1369_FC4

 

Thanks
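
One way to restrict recursion to local clients without views, as an added example that is not part of the original post: the posted named.conf with allow-recursion pointed at an ACL instead of none. The ACL name "trusted" and the subnet 192.168.1.0/24 are assumptions standing in for the real localnet, which the post does not give.

```conf
// Added example. "trusted" and 192.168.1.0/24 are assumed placeholders for
// the poster's local network; substitute the real subnet.
acl trusted { 127.0.0.1; 192.168.1.0/24; };

// Address match lists are evaluated in order and the first match wins.
// The negated entry exempts the local subnet before 192.168.0.0/16 is
// reached; without it, blackhole would silently drop every query from a
// private-range localnet and allow-recursion would never be consulted.
acl bogusnets {
    !192.168.1.0/24;
    0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
    10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;
};

options {
    directory "/var/named";
    version ":P";
    blackhole { bogusnets; };

    // Open resolver (BIND 9.3 behaviour when the option is unset):
    //     allow-recursion { any; };
    // Closed to everyone, including the localnet (the posted setting):
    //     allow-recursion { none; };
    // Recursion only for clients matched by the "trusted" ACL:
    allow-recursion { trusted; };
};

zone "xyz.ca" {
    type master;
    file "data/named.xyz.ca";
    // Authoritative data for the zone stays answerable by anyone.
    allow-query { any; };
};
```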