security and allow-query and/or acl
Mark_Andrews at isc.org
Sat Sep 20 00:35:21 UTC 2003
> I wanted to ask about the proper use of allow-query. I read that this should
> be set up to allow queries only from local machines on my network. What are
> the pros and cons for doing that? Would this prevent my external slaves
> from being able to resolve my domain? My guess is that my external slaves
> only need to be able to perform a zone transfer? If allow-query should be
> set up to deny all queries from outside my domain, would an acl be a better
> choice than using allow-query?
>
allow-query takes an acl.
You generally override the global allow-query at the zone level.
e.g.
	acl "recursive-clients" {
		...
	};

	options {
		...
		allow-query { recursive-clients; };
	};

	zone "example.net" {
		type [master|slave];
		...
		allow-query { any; };
	};
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
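
The pattern from the reply above, filled in as an added example (not part of the original post and not ISC's own configuration). The addresses are constructed from documentation ranges, the "external-slaves" ACL name and the zone file name are hypothetical, and the allow-transfer line is an assumption added to cover the zone-transfer part of the question.

```conf
// Constructed example: addresses are RFC 5737 documentation ranges.
acl "recursive-clients" {
    127.0.0.1;
    192.0.2.0/24;             // local network (constructed)
};

acl "external-slaves" {       // hypothetical ACL name
    198.51.100.53;            // slave server (constructed)
};

options {
    // Global default for anything not overridden in a zone:
    // only local clients may send queries to this server.
    allow-query { recursive-clients; };
};

zone "example.net" {
    type master;
    file "example.net.db";    // hypothetical file name
    // Zone-level override: authoritative data stays answerable from
    // anywhere, including the slaves' SOA refresh queries.
    allow-query { any; };
    // Zone transfers are controlled separately from ordinary queries.
    allow-transfer { external-slaves; };
};
```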