allow-query or something else?

alexus ml at db.nexgen.com
Mon Jun 4 23:29:09 UTC 2001


i'm sorry for not being clear

basically what i want to do is restrict people from using my name server,
but when i put allow-query i don't think it serves my domains anymore,
'cause neither root servers and/or secondary and/or primary nameserver that
is hosting this domain won't be able to access this nameserver.

grr.. it sounds so unclear again:(

let me put it this way..

i have my box (nameserver) which is box.nexgen.com, plus i have some other
box let's say box2.nexgen.com .. for example they are hosting the example.com
domain, box.nexgen.com being the primary and box2.nexgen.com being the secondary
name server, after i add allow-query on box.nexgen.com i get this denied
error message in the log file which is supposedly fine.. *BUT* my feeling is that
after limiting query i am also limiting everyone from seeing any changes that i
make to that domain,

in other words i want people from outside of my network (evil internet) to
be allowed to query only domains that i host and whoever is on my inside network
(local network) to query whatever they want.

----- Original Message -----
From: "Kevin Darcy" <kcd at daimlerchrysler.com>
To: <bind-users at isc.org>
Sent: Monday, June 04, 2001 6:52 PM
Subject: Re: allow-query or something else?


>
> alexus wrote:
>
> > Hi
> >
> > I'm using bind 9.x and I serve a few primary/secondary zones
> >
> > I want to limit use of query for anyone who's outside my network to domains
> > that i serve only and not for anything else.. does anyone know how to do it?
> >
> > i put allow-query, but then i start getting messages
> >
> > box named[18928]: client xxx.xx.xxx.xx#26353: query 'xxx.com/IN' denied
> >
> > i'm assuming my name server is not really serving those zones anymore even
> > though it does for people who are on the list in allow-query..
>
> I'm not sure what the problem is here. You want to restrict access to your
> nameserver, and the log message above indicates that you denied a query. Isn't
> that what you wanted?
>
> Or, does all of that xxx.xx.xxx.xx garbage indicate that you denied a query
> that you shouldn't have? This isn't clear from your message...
>
>
> - Kevin
>
>
>
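
The split asked for above (outside clients may query only the hosted zones, local clients may query anything), sketched as an added named.conf example for box.nexgen.com; it is not configuration posted in this thread. The ACL name, the addresses (documentation ranges) and the zone file name are assumptions.

```conf
// Added example, not from the thread. All addresses are constructed
// placeholders from the RFC 5737 documentation ranges.

// Assumed local network that may use this server for any lookup.
acl "internal" {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    // Server-wide default: only internal clients may query or recurse.
    // With ONLY these two statements and no per-zone override, outside
    // queries for hosted zones are refused too and logged as
    //   client ...: query 'example.com/IN' denied
    // which is the symptom described in the message above.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };
};

// A zone-level allow-query overrides the options-level one, so the
// hosted zone stays answerable from the whole Internet.
zone "example.com" {
    type master;
    file "example.com.db";          // assumed file name
    allow-query    { any; };
    // Zone transfers only to the secondary (assumed address of box2).
    allow-transfer { 192.0.2.2; };
};
```

Each hosted zone needs its own `allow-query { any; };`, and the secondary needs the same override in its slave zone statement, otherwise it refuses outside queries for that zone in the same way.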


