named.conf problem with acl
Kevin Darcy
kcd at daimlerchrysler.com
Fri Jan 26 04:05:43 UTC 2001
The comment doesn't match the ACL definition. 195.18.158.0/28 only goes up
to .15, not .63. Could that be the problem?
- Kevin
Odd Magne wrote:
> Hi, I have a problem with my configuration file.
> I am using 9.0.1.
> I believe that the allow statements in the options section are global but
> can be bypassed by allow.. statements in each zone, is that wrong ?
>
> Is it possible or any need to use allow .. in zone " . " ?
>
> I tried to allow query world-wide for my zone mydomain.com. And I only
> want trusted hosts to use my nameserver for other lookups. With my
> current file no one but localhost can query my nameserver. If I remove
> allow-recursion all hosts can use my server. I also tried to change
> option allow-query to none in option and any in mydomain.com zone. That
> didn't work, no one could access my server then.
> What am I doing wrong? Where are the correct places to put my allow
> statements ? In which order are they read ? Please help me
>
> Regards Odd M Mogerhagen
>
> acl "server-xfer" {
> 195.18.158.6;
> };
>
> acl "trusted" {
> localhost;
> 195.18.158.0/28; # .1-63
> };
>
> acl "bogon" { # Don't reply to queries from these addresses.
> 0.0.0.0/8; # Null addresses
> 1.0.0.0/8; # IANA Reserved
> 2.0.0.0/8; # ---- . ------
> 192.0.2.0/24; # Test address
> 224.0.0.0/3; # Multicast addresses
> 10.0.0.0/8; # Enterprise networks may not be bogus
> 172.16.0.0/12; # If you use these addresses remove
> 192.168.0.0/16;# the series you use.
> };
>
> options {
> directory "/usr/named";
> pid-file "/usr/named/named.pid";
> auth-nxdomain yes;
> allow-query {
> any;
> };
> allow-recursion {
> trusted;
> };
> allow-transfer {
> server-xfer;
> };
> blackhole {
> bogon;
> };
> };
>
> zone "." in {
> type hint;
> file "root.cache";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "db.127";
> };
> };
>
> zone "mydomain.com" in {
> type master;
> file "db.mydomain.com";
> };
> };
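
The mismatch pointed out in the reply, checked mechanically. This is an added example, not part of the original thread or of BIND: the function name, the `# .LOW-HIGH` comment pattern it looks for, and the sample text (constructed from the quoted "trusted" ACL) are assumptions, and it only handles prefixes of /24 or longer.

```python
import ipaddress
import re

# Constructed sample: the "trusted" ACL as quoted in the message above.
SAMPLE_ACL = """\
acl "trusted" {
    localhost;
    195.18.158.0/28; # .1-63
};
"""

# An ACL element in CIDR form followed by a "# .LOW-HIGH" last-octet comment.
ENTRY = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)\s*;\s*#\s*\.(\d+)-(\d+)")

def check_acl_comments(conf_text):
    """Compare each commented last-octet range with what the prefix matches."""
    findings = []
    for cidr, low, high in ENTRY.findall(conf_text):
        net = ipaddress.ip_network(cidr, strict=False)
        base = str(net.network_address).rsplit(".", 1)[0]
        first = ipaddress.ip_address(f"{base}.{low}")
        last = ipaddress.ip_address(f"{base}.{high}")
        # Smallest single prefix containing both ends of the commented range.
        wanted = ipaddress.ip_network(f"{first}/32")
        while last not in wanted:
            wanted = wanted.supernet()
        findings.append({
            "entry": cidr,
            "matches": f"{net[0]} - {net[-1]}",
            "comment_ok": first in net and last in net,
            "prefix_for_comment": str(wanted),
        })
    return findings

if __name__ == "__main__":
    for finding in check_acl_comments(SAMPLE_ACL):
        print(finding)
```

For the quoted ACL this reports that the /28 matches only .0 through .15, and that a single prefix covering the commented range would be a /26.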