DNS Security
wwebb at adni.net
wwebb at adni.net
Mon Dec 27 15:39:17 UTC 1999
Where there is a primary master zone with the server supporting
one or more resolvers, a configuration recommended at:
http://www.acmebw.com/securing/sld021.htm
is as follows:
acl internal { 206.168.119/24; };
options {
director "/var/named";
recursion yes; //the default
allow-querry {internal; };
};
zone "acmebw.com" {
type master;
file "db.acmebw";
allow-transfer {207.69.231.3; 209.86.147.1; };
allow-query { any; };
};
Irrespective of an option to allow queries only from the internal IP
addresses, if a specific zone is set, such as acmebw.com as
above, isn't the default to allow queries to that specific zone ? If
so, then what is the purpose of the "allow-query { any; } entry
above?
Thanks, Bill Webb
More information about the bind-users
mailing list