acl misunderstanding?
Mipam
mipam at ibb.net
Wed Aug 4 12:08:43 UTC 2004
Hi,
I have a machine which serves as DNS behind a firewall.
All traffic to UDP port 53 is allowed, because it serves as prim DNS for a
few domains. However, I have no intention to serve as DNS for the whole
world. So I did this:
acl "mynet" { 82.201.109.0/24; 127.0.0.1; };
zone "." { type hint; file "root.hint"; allow-query { "mynet"; }; };
The other zones must be resolvable for the whole internet to this machine,
but none other, so therefore I tried to restrict the hint zone by this.
However, this doesn't work; nothing works anymore. I get:
sysquery: nlookup error on ?
sysquery: nlookup error on ?
and in the response to any internal client: ServFail.
What am I doing wrong and how to accomplish the thing I wish for?
Bye,
Mipam.