ACL for forward zone
Prabhat Rana
prana9533 at yahoo.com
Tue Jul 13 00:28:23 UTC 2010
Hi Nuno,
Thanks for the response. However, I don't own the authoritative servers. And the clients that I am serving don't have direct access to the authoritative servers.
Prabhat.
--- On Mon, 7/12/10, Nuno Paquete <nunopaquete at lusocargo.pt> wrote:
> From: Nuno Paquete <nunopaquete at lusocargo.pt>
> Subject: Re: ACL for forward zone
> To: "Prabhat Rana" <prana9533 at yahoo.com>
> Cc: bind-users at lists.isc.org
> Date: Monday, July 12, 2010, 4:17 PM
> Hi Prabhat,
>
> I think you don't need this ACL in your forwarder server, define it on
> the authoritative server (1.2.3.4 and 5.6.7.8, according to your
> example).
>
> Regards,
> Nuno Paquete
>
> On 2010/07/12, at 19:27, "Prabhat Rana" <prana9533 at yahoo.com> wrote:
>
> > Hello all,
> > I have BIND 9.7.1 installed on Solaris 10. I need to use a forwarder
> > for a certain internal private IP zone to certain internal DNS
> > servers. In the meantime I need to use a certain ACL so that it would
> > forward the queries and reply to them only from certain IP address
> > clients. So I used the following configs in named.conf
> >
> > acl "Internal" { 10.0.1.0/24; };
> >
> > zone "10.in-addr.arpa" in {
> >     type forward;
> >     forwarders { 1.2.3.4; 5.6.7.8; };
> >     allow-query { "Internal"; };
> > };
> >
> > However it appears I can't use the 'allow-query' option in a forward
> > zone, as seen in the syslog:
> > /etc/named.conf:102: option 'allow-query' is not allowed in 'forward' zone '10.in-addr.arpa'
> >
> > Basically you know what I'm trying to achieve. So if anyone has any
> > tip on how I can use forward from the clients only within a certain IP
> > address range, that would be great.
> >
> > Prabhat.
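
One way to scope a forward zone to a client range when `allow-query` is rejected inside `type forward`, shown as an added example that is not from either poster or from the BIND distribution: put the forward zone in a view selected by `match-clients`. The view names and the `forward only` choice are assumptions; the ACL, zone name and forwarder addresses are the sample values from the thread.

```conf
// Added example (not from the thread). Restricts forwarding of
// 10.in-addr.arpa to clients in the "Internal" ACL by using views.

acl "Internal" { 10.0.1.0/24; };

// Hypothetical view name. Clients whose source address matches the ACL
// are placed in this view and are the only ones that see the forward zone.
view "internal-clients" {
    match-clients   { "Internal"; };
    recursion       yes;                 // forwarding requires recursion
    allow-query     { "Internal"; };     // valid at view level, unlike in a forward zone
    allow-recursion { "Internal"; };

    zone "10.in-addr.arpa" in {
        type forward;
        forward only;                    // assumption: never fall back to iterative lookup
        forwarders { 1.2.3.4; 5.6.7.8; };
    };
};

// Hypothetical catch-all view. It has no forward zone and no recursion,
// so queries from other addresses are never sent to the forwarders.
view "other-clients" {
    match-clients { any; };
    recursion     no;
};

// Once any view is defined, every zone statement in named.conf must
// live inside a view; top-level zone statements are no longer accepted.
```

Views are matched in the order they appear, so the restricted view has to come before the catch-all. Running `named-checkconf /etc/named.conf` before reloading catches placement errors like the one reported in the syslog line above.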