restrict a DNS
Barry Margolin
barmar at genuity.net
Thu Jun 15 00:37:14 UTC 2000
In article <8i8gnn$1m0h$1 at news.okay.net>,
Jan Kuemmerle <kummerle at iname.com> wrote:
>Hi,
>
>..the problem is that some of the local IPs should be able to ask for
>"outside IP", and the rest shouldn't.
>If I put it in the options no PC is able to ask for "outside IP".
>Example:
>IPs form X.X.X.1-10 are allowed to access the web, so they need to have a
>full access to the DNS.
>IPs from X.X.X.11-254 are blockt by the firewall/router, but not the DNS, so
>if one of the PCs is not configutated correctly we will have a dedicated
>line, and I'm in trouble at the end of the month ;-)) .
>Thanks
Perhaps what you really need to use is allow-recursion rather than
allow-query.
>
> Jan
>"Barry Margolin" <barmar at genuity.net> schrieb im Newsbeitrag
>news:Wld15.41$Hc5.1064 at burlma1-snr2...
>> In article <8i3km9$1qpg$1 at news.okay.net>,
>> Jan Kuemmerle <kummerle at iname.com> wrote:
>> >Hi,
>> >to keep dial-up low, I want to restrict the forwarding/caching of my DNS.
>> >I tried it with a "allow-query {allowed-IP;};" in the "." zone,
>> >but it seem's not to work?
>> >Does anyone has an idea?
>>
>> Put it in the options statement, not the "." zone.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list