ACLs and zone ".", Why doesn't it work anymore?
Jim Reid
jim at rfc1035.com
Mon Dec 20 22:10:48 UTC 1999
>>>>> "Jeremy" == Jeremy Fowler <jeremy at microlink.net> writes:
Jeremy> I just upgraded my RH Linux server to 6.1. My old
Jeremy> named.conf file had an acl for zone "." which was a quick
Jeremy> and easy way for me to limit who used the DNS server for
Jeremy> internet access. It worked fine with the version of Bind
Jeremy> that shipped with RH Linux 5.2, but named crashes with it
Jeremy> now. Is there a better (easier) way of limiting internet
Jeremy> access without going through the hassle of setting up a
Jeremy> proxy server? Not that I would mind setting one up, it's
Jeremy> just I've never done it before.

If your named.conf file *really* crashes the name server, then there
is a serious bug in BIND that needs fixing. Submit a bug report.

It's also not clear what you're trying to do. Using an ACL to prevent
lookups of the root zone (=> most of the stuff under it) doesn't seem
to make sense. If you don't want users or applications to resolve
internet names, set up your own internal root zone. Blocking DNS
lookups to "limit internet access" doesn't seem a good idea either.
Wouldn't that job be better done by a firewall?
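
A sketch of the internal root zone approach suggested in the reply above, added here as an illustration and not taken from either poster's configuration. The client network, directory, file name and host names are assumptions chosen for the example.

```conf
// named.conf fragment (constructed example; addresses and names are assumptions)

// Clients that are allowed to use this name server at all.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
    // Restrict who may query the server globally, instead of
    // hanging an ACL off the root zone.
    allow-query { "internal"; };
};

// Internal root: the server is authoritative for "." itself, so no
// hint zone is configured and nothing is referred to the Internet root
// servers. Any name not present or delegated in this zone gets NXDOMAIN.
zone "." {
    type master;
    file "db.root.internal";
};

/* Contents of db.root.internal (zone file syntax, constructed):

$TTL 86400
.   IN SOA ns1.corp.example. hostmaster.corp.example. (
            1999122001  ; serial
            3600        ; refresh
            900         ; retry
            604800      ; expire
            86400 )     ; negative-caching TTL
.                   IN NS  ns1.corp.example.
ns1.corp.example.   IN A   192.168.1.53
*/
```

This only stops clients of this server from resolving Internet names. A host that knows an address, or that points at another resolver, is unaffected, which is why the reply refers the access-control question to a firewall.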