stomping forwarders
Barry Margolin
barmar at bbnplanet.com
Thu Dec 16 15:07:18 UTC 1999
In article <E11yb53-0009Yb-00 at rip.psg.com>, Randy Bush <randy at psg.com> wrote:
>i would love to give bind a list of IPs for which recursive requests
>will not be honored, but rather have nxdomain returned. or the inverse,
>a set of ip ranges for which recursion will be honored and the rest are
>given the nasties.
Use the allow-query option.
If you're a listed server for public zones, so you have to allow queries in
those zones from anyone, you can override the global, restrictive
allow-query with 'allow-query { any; };' in the individual zone
statements. I.e. your named.conf would look like:
acl my-users { 192.168.10.0/24; 172.18.0.0/16; };
options {
allow-query { my-users; };
...
};
zone "something.com" {
...
allow-query { any; };
};
zone "someone-else.org" {
...
allow-query { any; };
};
and so on.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list