acl's on host

Jim Reid jim at rfc1035.com
Fri Apr 7 17:40:11 UTC 2000


>>>>> "Simon" == Simon Taylor <simon at band-x.net> writes:

    Simon> Hi, Is it possible, using the acl feature in named.conf, to
    Simon> block lookups on specific hosts in a domain instead of
    Simon> blocking the whole domain? e.g.: allow all lookups in
    Simon> crap.com except for private1.crap.com and private2.crap.com etc.

What do you mean, prevent private1.crap.com and private2.crap.com from
querying the name server? If so, BIND8's ACLs can do this. However the
ACLs apply to IP addresses, not domain names. If you meant that the
resource records for private1.crap.com and private2.crap.com would
only be available to selected IP addresses that query the name server,
the answer is perhaps. Split DNS can do this - i.e. two different copies
of the crap.com domain, one on the inside for internal use and one on
the outside for the rest of the world. This might be overkill or not
flexible enough. The views mechanism which is proposed for BIND9
should provide a somewhat simpler way to do this.

The DNS is a public database, so if you want to keep something secret
- like the IP addresses of private1.crap.com and private2.crap.com for
instance - you shouldn't put them in the public copy of the crap.com
domain!
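
[Added example, not part of the original message or of the BIND distribution: a named.conf sketch of the split-DNS arrangement described above, written with the views syntax as it shipped in BIND 9. The client addresses (documentation ranges) and zone file names are assumptions.]

```conf
// Constructed example: addresses and file names are placeholders.

// An ACL names a set of client IP addresses, never host or domain names.
acl "internal" { 127.0.0.1; 192.0.2.0/24; };

// BIND 8 can only gate queries per server or per zone, not per record.
// This form would hide the whole zone from everyone outside the ACL:
//   zone "crap.com" {
//       type master;
//       file "db.crap.com";
//       allow-query { "internal"; };
//   };

// BIND 9 views: one zone name, two data sets, selected by the source
// address of the query. Views are tried in order and the first match
// wins, so the restrictive view is listed first. Once any view is
// defined, every zone statement has to live inside a view.
view "inside" {
    match-clients { "internal"; };
    zone "crap.com" {
        type master;
        file "internal/db.crap.com";   // full zone, includes private1 and private2
    };
};

view "outside" {
    match-clients { any; };
    zone "crap.com" {
        type master;
        file "external/db.crap.com";   // public copy, private1 and private2 left out
    };
};
```

The records for private1 and private2 exist only in the internal zone file, so an outside client gets NXDOMAIN for them rather than a refusal.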


