Resolving locally hosted zones to trusted clients
Barry Margolin
barmar at alum.mit.edu
Fri Oct 29 00:44:20 UTC 2004
In article <clrj12$1jkj$1 at sf1.isc.org>, Matt Goli <mattgoli at mac.com>
wrote:
> Greetings all:
>
> I've set up a public BIND 9.2.2 server to host a number of zones for our
> companies' domains based on Rob Thomas's "Secure BIND Template"
> http://www.cymru.com/Documents/secure-bind-template.html.
>
> I have one view (external-in) set up to allow any device to query the
> public domains from this BIND server and am not allowing recursive
> lookups from public IPs. I have a second view (internal-in) set up that
> performs recursive lookups for an ACL of "trusted" IP addresses, and
> that is working as expected. My problem comes in when trusted IP
> addresses attempt to query a zone out of my "external-in" view. I
> simply get a "connection timed out; no servers could be reached" when I
> dig from the trusted IP addresses.
>
> So in summary, I can do the following from trusted IP address
> 216.111.14.242:
> dig @63.238.248.3 www.google.com
>
> But cannot do:
> dig @63.238.248.3 www.krause.com
>
> But from an untrusted IP I can do:
> dig @63.238.248.3 www.krause.com
>
> Below is my named.conf file for reference. Any feedback is greatly
> appreciated.
You need to include the public zones in the internal view, since
internal clients can only see the zones that are listed in that view.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
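
Added example, not part of the original messages: a named.conf fragment showing the fix described in the reply, with the public zone declared in both views. The view names, zone name and client address come from the post; the ACL contents, file path and match-clients lines are assumptions, since the poster's named.conf is not shown.

```conf
// Constructed example. ACL contents and file paths are assumptions.
acl "trusted" {
    216.111.14.242;          // trusted client address from the post
    localhost;
};

// Views are tested in order and a client is served only by the first
// view whose match-clients it satisfies, so trusted clients never fall
// through to external-in.
view "internal-in" in {
    match-clients { trusted; };
    recursion yes;

    // Public zone repeated here so trusted clients are answered
    // from local authoritative data instead of via recursion.
    zone "krause.com" in {
        type master;
        file "master/db.krause.com";   // hypothetical path
    };
};

view "external-in" in {
    match-clients { any; };
    recursion no;

    zone "krause.com" in {
        type master;
        file "master/db.krause.com";   // same static file, hypothetical path
    };
};
```

Run named-checkconf on the edited file before reloading, then repeat the dig for www.krause.com from the trusted address to confirm the answer now comes back.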