A newbies Bind question
Matthew Pounsett
matt at conundrum.com
Sat Jan 31 18:37:23 UTC 2009
On 31-Jan-2009, at 13:24, Peter Privat wrote:
> My question:
> Is it possible for my friends out there somewhere in cybespace to
> also use my DNS server by entering its IP their DNS settings?
>
> So far I haven't managed to make it work. If another computer
> somewhere out there in the cloud is entering the IP of my private
> DNS server into their internet settings, they are not able to use
> that DNS server. It doesn't provide DNS at all. Seems like it is
> blocked or doesn't allow computers that is not on the same subnet,
> or something. Is there a configuration that I've missed? How do the
> ISP's make their DNS servers usable for everyone?
By default, BIND blocks IP addresses that aren't on a local network
from using it for recursion. Setting up an open DNS server which
permits anyone to use it creates an easy vector for your DNS server to
be used in Denial of Service attacks, so the default is to be
completely closed. It is not recommended to open up your DNS server
to the world. If your friends have static IP addresses (i.e. the IP
addresses of their computers aren't ever changed by their ISP) then
you can allow them in using the 'allow-query' and 'allow-recursion'
options.
There's HTML documentation for the 'options' grammar at <https://www.isc.org/software/bind/documentation/arm95#id2576918
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090131/808ad79e/attachment.bin>
More information about the bind-users
mailing list