cyris

Bind9 ACLs

I'm trying to set up Bind9 so that people can't point their DNS server addresses to my box and do lookups off my server, but are still able to query my DNS server for the domains it's authoritative for.

My named.conf:

    acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

    options {
        directory "/var/named";
        version ":P";
        blackhole { bogusnets; };
        allow-recursion { none; };
    };

    zone "xyz.ca" {
        type master;
        file "data/named.xyz.ca";
        allow-query { any; };
    };


The only way I've been able to stop people from doing lookups off my server is by setting recursion to none. I would like my localnet to have the option of doing lookups off my box, so I need a more suitable way of controlling who does lookups off my box.

I have read about views, and I won't be serving different content to my localnet, so I don't think I require them.


Version info:

bind-utils-9.3.1-4
bind-chroot-9.3.1-4
bind-libs-9.3.1-4
ypbind-1.17.2-5

2.6.11-1.1369_FC4


Thanks
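
The setup described in the post, with recursion limited to a trusted ACL instead of `none`, as an added example that is not part of the original post. The `trusted` ACL name and the 192.168.1.0/24 LAN range are assumptions; substitute the real local subnet.

```conf
// Added example, not the poster's config.
// Assumption: the local network is 192.168.1.0/24.
acl trusted { localhost; 192.168.1.0/24; };

acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3;
                10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

options {
    directory "/var/named";
    version ":P";

    // Address match lists are first-match: the negated LAN entry exempts it
    // before bogusnets (which contains 192.168.0.0/16) is evaluated.
    // Without it, queries from the LAN are dropped before any other ACL applies.
    blackhole { !192.168.1.0/24; bogusnets; };

    // Before: allow-recursion { none; };  (no client can recurse)
    // After: only localhost and the LAN may ask for recursive lookups.
    allow-recursion { trusted; };
};

zone "xyz.ca" {
    type master;
    file "data/named.xyz.ca";
    // Authoritative data stays answerable by everyone.
    allow-query { any; };
};
```

On BIND 9.3, `allow-recursion` stops outside clients from triggering new lookups, but answers already in the cache can still be returned to them; the separate `allow-query-cache` option only arrived in 9.4.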
