Access Controll on bind 9?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Jun 19 08:10:03 UTC 2002
> I am trying to add a bit of access control on bind. Basically I have
> domains hosted on the servers that I need to allow queries from everyone,
> but I only want select addresses to be able to use it as a caching name
> server. If I could do an "allow-query" for the "." hint zone then that
> would be about perfect, but I tried that and bind says I can't do it.
>
> The only thing I can think of is running two copies of bind (well, two per
> server) and binding one to one ip and the other to another. Then I could
> setup a firewall rule for the caching side IP to only allow certain traffic,
> and allow everything on the other IP but don't have a hint zone on that one.
> Seems like a big pain though, even if it would work.
>
> Does anyone have any ideas?
>
> Thanx
options {
allow-query { clients; };
};
zone "example.com" {
...
allow-query { any; };
};
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list