allow-query or something else?

Tim Maestas tmaestas at dnsconsultants.com
Mon Jun 4 23:45:13 UTC 2001 


	I think what you are looking for is allow-recursion.

-Tim



On Mon, 4 Jun 2001, alexus wrote:

> 
> i'm sorry for not being clear
> 
> basically what i want to do is restrict people from using my name server,
> but when i put allow-query i don't think it serves my domains anymore,
> 'cause neither root servers and/or secondary and/or primary nameserver that
> hosting this domain won't be able to access this nameserver.
> 
> grr.. it sounds so unclear again:(
> 
> let me put it this way..
> 
> i have my box (nameserver) which is box.nexgen.com, plus i have some other
> box let's say box2.nexgen.com .. for example they hosting example.com domain
> box.nexgen.com being as a primary and box2.nexgen.com being as a secondary
> name server, after i add allow-query on box.nexgen.com i get this denied
> error message in logs file which is supposly fine.. *BUT* my feeling is that
> after limiting query i also limiting everyone to see any changes that i do
> to that domain,
> 
> in other words i want people from outside of my network (evil internet) to
> allow query only domains that i host and whoever is on my inside network
> (local network) to query whatever they want.
> 
> ----- Original Message -----
> From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> To: <bind-users at isc.org>
> Sent: Monday, June 04, 2001 6:52 PM
> Subject: Re: allow-query or something else?
> 
> 
> >
> > alexus wrote:
> >
> > > Hi
> > >
> > > I'm using bind 9.x and I serve few primary/secondary zones
> > >
> > > I want to limit use of query for anyone who's outside my network to
> domains
> > > that i serve only and not for anything else.. does anyone know how to do
> it?
> > >
> > > i put allow-query but, but then i start geting messages
> > >
> > > box named[18928]: client xxx.xx.xxx.xx#26353: query 'xxx.com/IN' denied
> > >
> > > i assuming my name server is not really serving those zones anymore even
> > > though it does for people who's on the list in allow-query..
> >
> >  I'm not sure what the problem is here. You want to restrict access to
> your
> > nameserver, and the log message above indicates that you denied a query.
> Isn't
> > that what you wanted?
> >
> > Or, does all of that xxx.xx.xxx.xx garbage indicate that you denied a
> query
> > that you shouldn't have? This isn't clear from your message...
> >
> >
> > - Kevin
> >
> >
> >
> 
>

More information about the bind-users mailing list