Restricting access to sites
Berislav Todorovic
BERI at etf.bg.ac.yu
Mon Jul 5 19:49:45 UTC 1999
> I want to be able to restrict certain machines from performing domain
> queries to certain sites.
If the set of sites that you want to ban access to is finite, the
easiest way to do what you want is to set up fake zones for the
remote domains on your server, e.g.:

zone "xxx.com" {
        type master;
        file "xxx.com";
};

// - File xxx.com

@       IN      SOA     ns.myserver.com. hostmaster.myserver.com. (
                        1999010700 10800 3600 608400 86400 )
        IN      NS      ns.myserver.com.
*       IN      A       10.9.8.7  ; --- Somewhere on your network

The server will always return fake answers and won't initiate the
unwanted dial-on-demand action.
Another solution is to set the server to be non-recursive:

options {
        recursion no;   // - Turn off recursion
};

That will force the resolvers on your network to contact the remote
DNS servers, which you may easily filter on the firewall or router.
Regards,
Beri
.-------.
| --+-- | Berislav Todorovic, B.Sc.E.E. | E-mail: BERI at etf.bg.ac.yu
| /|\ Hostmaster of the YU TLD |
|-(-+-)-| School of Electrical Engineering | Phone: (+381-11)3221-419
| \|/ Bulevar Revolucije 73 | 3370-106
| --+-- | 11000 Belgrade SERBIA, YUGOSLAVIA | Fax: (+381-11)3248-681
`-------' --------------------------------------------------------------
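
The fake-zone approach from the reply above, scripted for a whole block list. This is an added example, not part of the original post: the function names are hypothetical, the server names and sink address are the sample values from the post, and the `$TTL` line and the apex A record go beyond the post's zone file (a `*` record does not answer for the zone name itself).

```python
"""Generate BIND fake ("sinkhole") zones for a finite block list (added example)."""
import ipaddress
import re

# Sample values taken from the post; replace with your own server and sink address.
NS = "ns.myserver.com."
HOSTMASTER = "hostmaster.myserver.com."
SINK_IP = "10.9.8.7"

_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(domain):
    """Lower-case, strip the trailing dot, and reject anything that is not a
    plain hostname, so a block-list entry cannot inject named.conf syntax."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(lab) for lab in labels):
        raise ValueError(f"not a valid domain name: {domain!r}")
    return name

def zone_stanza(domain):
    """named.conf stanza in the same shape as the one in the post."""
    d = normalize(domain)
    return f'zone "{d}" {{\n    type master;\n    file "{d}";\n}};\n'

def zone_file(serial, sink_ip=SINK_IP):
    """Zone file body, identical for every blocked domain. Beyond the post's
    wildcard it carries an apex A record (assumption of this example), since
    `*` only matches names below the zone name."""
    ipaddress.IPv4Address(sink_ip)  # raises ValueError on a malformed address
    return (
        f"$TTL 86400\n"
        f"@   IN  SOA {NS} {HOSTMASTER} (\n"
        f"            {serial} 10800 3600 608400 86400 )\n"
        f"    IN  NS  {NS}\n"
        f"    IN  A   {sink_ip}   ; apex (added in this example)\n"
        f"*   IN  A   {sink_ip}   ; every name below the apex\n"
    )

def build(domains, serial):
    """Return (named.conf fragment, {filename: zone file text}), de-duplicated."""
    names = sorted({normalize(d) for d in domains})
    conf = "\n".join(zone_stanza(n) for n in names)
    return conf, {n: zone_file(serial) for n in names}

if __name__ == "__main__":
    conf, files = build(["xxx.com", "XXX.com.", "ads.example.net"], 1999010700)
    print(conf)
    print(files["xxx.com"])
```

Write each returned zone file next to the generated stanzas and bump the serial whenever the sink address changes.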
More information about the bind-users
mailing list