acl misunderstanding?
phn at icke-reklam.ipsec.nu
Wed Aug 4 14:57:05 UTC 2004
Mipam <mipam at ibb.net> wrote:
> Hi,
> I have a machine which serves as DNS behind a firewall.
> All traffic to UDP port 53 is allowed, because it serves as primary DNS for a
> few domains. However, I have no intention to serve as DNS for the whole
> world. So I did this:
> acl "mynet" { 82.201.109.0/24; 127.0.0.1; };
> zone "." { type hint; file "root.hint"; allow-query { "mynet"; }; };
This is wrong. What you should do is a global "allow-recursion { mynet; };"
This will allow your clients to do recursive queries.
> The other zones must be resolvable for the whole internet to this machine,
> but none other, so therefore I tried to restrict the hint zone by this.
> However, this doesn't work; nothing works anymore. I get:
> sysquery: nlookup error on ?
> sysquery: nlookup error on ?
nslookup is broken, learn to use dig and host.
> and, in the response to any internal client, ServFail.
> What am i doing wrong and how to accomplish the thing i wish for?
> Bye,
> Mipam.
-- 
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
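For reference, here is the configuration the reply is pointing at, written out as an added example (not part of either message above). The acl and the 82.201.109.0/24 network are the poster's; the directory path and the zone name "example.net" are placeholders standing in for one of the poster's primary zones. The commented-out line is the poster's original hint-zone restriction; the options block carries the global allow-recursion Peter recommends, while the authoritative zones stay answerable from anywhere.

```conf
// Added example, not from the original thread. Addresses come from the poster;
// "/var/named" and "example.net" are placeholders.

acl "mynet" { 82.201.109.0/24; 127.0.0.1; };

// What the poster tried: an allow-query on the hint zone. This is not the
// control for who may recurse, and the poster reports it left every internal
// client with ServFail. Shown here only for contrast; leave it out.
// zone "." { type hint; file "root.hint"; allow-query { "mynet"; }; };

options {
    directory "/var/named";           // placeholder
    allow-recursion { "mynet"; };     // recursion for internal clients only
    allow-query { any; };             // non-recursive queries from anyone
};

// The hint zone carries no access control of its own.
zone "." {
    type hint;
    file "root.hint";
};

// One of the zones this server is primary for (name is a placeholder).
// Authoritative data must stay readable by the whole internet.
zone "example.net" {
    type master;
    file "example.net.zone";
    allow-query { any; };
};
```

To check the result, as Peter suggests, use dig or host rather than nslookup: an authoritative query such as `dig @<server> example.net SOA` should succeed from anywhere, while a recursive query for some outside name sent from an address outside "mynet" should be refused instead of answered. One caveat for anyone applying this to a later BIND 9 (9.4 and up): those versions also have a separate allow-query-cache setting that governs who may read cached answers, and its default follows allow-recursion, so set both deliberately if you change one.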