restrict a DNS

[Barry Margolin]

In article <8i8gnn$1m0h$1 at news.okay.net>,
Jan Kuemmerle <kummerle at iname.com> wrote:
>Hi,
>
>..the problem is  that some of the local IPs should be able to ask for
>"outside IP", and  the rest shouldn't.
>If I put it in the options no PC is able to ask for "outside IP".
>Example:
>IPs form X.X.X.1-10 are allowed to access the web, so they need to have a
>full access to the DNS.
>IPs from X.X.X.11-254 are blockt by the firewall/router, but not the DNS, so
>if one of the PCs is not configutated correctly we will have a dedicated
>line, and I'm in trouble at the end of the month ;-)) .
>Thanks

Perhaps what you really need to use is allow-recursion rather than
allow-query.

>
>    Jan
>"Barry Margolin" <barmar at genuity.net> schrieb im Newsbeitrag
>news:Wld15.41$Hc5.1064 at burlma1-snr2...
>> In article <8i3km9$1qpg$1 at news.okay.net>,
>> Jan Kuemmerle <kummerle at iname.com> wrote:
>> >Hi,
>> >to keep dial-up low, I want to restrict the forwarding/caching of my DNS.
>> >I tried it with a "allow-query {allowed-IP;};" in the "." zone,
>> >but it seem's not to work?
>> >Does anyone has an idea?
>>
>> Put it in the options statement, not the "." zone.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.