DNS Security
Barry Margolin
barmar at bbnplanet.com
Mon Dec 27 18:14:42 UTC 1999
In article <199912271809.NAA12499 at advdata.net>, <wwebb at adni.net> wrote:
>Bill> If so, then what is the purpose of the
>> Bill> "allow-query { any; } entry above?
>>
>> This entry means that there'a an ACL of "any" for the
>acmebw.com
>> zone. Anybody anywhere can send the name server queries for names
>> in that zone, which is how things generally should be. The
>> zone-specific ACL is applied instead of the global one....
>
>Aside from the master zone stateements, is it necessary to have
>"allow-query { any; } in the slave zone statements to overcome the
>global one ?
Yes, if you want people outside your restricted global ACL to be able to
look things up in the slave zones. The allow-query option works the same
for all types of zones.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list