allow-query restrictions
Joseph S D Yao
jsdy at cospo.osis.gov
Wed Dec 13 22:47:33 UTC 2000
On Wed, Dec 13, 2000 at 01:56:57PM -0800, Michelle Dick wrote:
...
> E.g. in ourdomain.com zone file we have the record:
>
> xxx IN CNAME yyy.otherdomain.com
>
> But with the allow-query restrictions in place, outside lookups for
> xxx.ourdomain.com fail with "query refused".
>
> How can we allow lookups for xxx.ourdomain.com but still deny all other
> lookups outside of ourdomain.com?
Have you tried putting in a stub domain zone{} statement for the other
domain? Then you can do an allow-query on that, too. You will need to
worry about keeping the name server(s) current, and whether they will
let you transfer the zone information. (I think stub zones still do
zone transfers.)
I haven't tried this: use a forward-type zone. I don't know whether
allow-query works for this. You still have to worry about keeping the
name server(s) current. You don't have to worry about zone transfers.
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
More information about the bind-users
mailing list