BIND9 query problem

Jim Reid jim at rfc1035.com
Tue Aug 5 18:30:28 UTC 2003


>>>>> "Dan" == Dan  <troubled at emaildesktop.com> writes:

    Dan> SoRRY to bug (and mind the broken shift key please). I am
    Dan> running BIND9 on a linux machine and I have noticed that
    Dan> hundreds upon hundreds of dns queries are hitting My box from
    Dan> around the world for dns queries. I am lOOKing for a CONfig
    Dan> option that would block all querIES to the world except for
    Dan> zones that I actually host. Is this possible in any using the
    Dan> config files for bind instead of firewalling dns from
    Dan> everyone except root servers? 

"Firewalling dns from everyone except root servers" makes no sense at
all. It achieves nothing. Other than allow traffic through from
servers that will NEVER EVER send queries to you.

It is perfectly possible to only allow your name servers to answer
queries for the zones they serve. Consult the list archives for
details. The question you posted has been asked and answered many
times already. A search engine will guide you to the list archives if
you can't find them on your own.

    Dan> And would firewalling all but root servers work?

No. What makes you think the root servers even care about the
existence of your name server(s), let alone want to query them?
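
An added example, not part of the original post or of the archived answers it points to: one common way to make a BIND 9 server answer only for the zones it hosts, using `named.conf` alone. The zone name `example.com`, the directory and the zone file name are placeholders chosen for illustration.

```conf
// named.conf fragment (constructed example; names and paths are placeholders)

options {
    directory "/var/named";     // assumed working directory

    // Authoritative-only: never resolve names on behalf of clients.
    recursion no;

    // Default policy for anything not explicitly opened below:
    // queries for names outside the hosted zones are refused.
    allow-query { none; };
};

// A zone this server actually hosts. The zone-level allow-query
// overrides the global default, so the whole Internet can ask
// about example.com and nothing else.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};
```

Running `named-checkconf` on the file before reloading catches syntax errors. With this policy, a query for a name outside `example.com` gets a REFUSED response instead of an answer or a referral.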


