Security question, allow query to?

Steven Job lists at winnie.tiggee.com
Wed Feb 19 00:49:26 UTC 2003


Rickard,

If you expect your nameservers to act as primary or secondary for the zones
you are authoritative for, then you need to allow query for everyone.

However, you do not have to handle recursive queries for everyone but yourself and
your customers.


Here is an example:

// The internal line will be the list of your customers.
acl "internal" { 192.168.1/24; };
acl "secdns" { 192.168.1/24; };

options {
        // ...
        // Server will attempt to do all work required to answer query.
        recursion yes;
        allow-recursion { "internal"; };
        allow-query { any; };
        // ...
};



Then in each domain you want an

allow-transfer { "secdns"; };



That's about it.
-Steve


On 18 Feb 2003, Reckhart wrote:

> Hello
> 
> I am about to harden our DNS servers (BIND 9.2.1) and they act
> as primary and secondary server for many of our customers' zones.
> I have turned off zone-transfers so that only the slave can get zones
> from the primary server.
> 
> My question is, can I let only our customers query our nameservers
> or do I have to leave them open for anyone to ask?
> 
> I was thinking about other nameservers asking our server about domains
> they are authoritative of.
> 
> They are running in recursive mode.
> 
> 
> Best Regards, Rickard
> 
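
An added example, not part of the original post or of BIND itself: a small Python audit that parses named.conf text and flags the two exposures discussed in the reply above, recursion open to every client and zones with no restricted allow-transfer. The zone names, function names and sample text are constructed; a missing ACL is treated as open (the default in the BIND 9.2 series the thread concerns), and views and negated ACL elements are not handled.

```python
import re

# Constructed sample: the post's options plus two made-up zones.
SAMPLE = '''
options { recursion yes; allow-recursion { "internal"; }; allow-query { any; }; };
zone "example.com" { type master; allow-transfer { "secdns"; }; };
zone "example.net" { type master; };  // no transfer ACL
'''
# Order matters: quoted strings, comments, punctuation, then bare words.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(text):
    """Return nested statements: each is a list of words and sub-blocks."""
    toks = (t for t in TOKEN.findall(text) if not t.startswith(('//', '/*', '#')))
    def block():
        stmts, cur = [], []
        for tok in toks:                 # nested calls share the same iterator
            if tok == '{':
                cur.append(block())
            elif tok == '}':
                break
            elif tok == ';':
                if cur:
                    stmts.append(cur)
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts
    return block()

def setting(stmts, name):
    """Arguments of the first statement called `name`, or None if absent."""
    return next((s[1:] for s in stmts if s[0] == name), None)

def is_open(args):
    """A missing ACL is treated as open (assumed default), as is one listing 'any'."""
    return args is None or ['any'] in args[0]

def audit(text):
    conf = parse(text)
    opts = (setting(conf, 'options') or [[]])[0]
    found = []
    if setting(opts, 'recursion') != ['no'] and is_open(setting(opts, 'allow-recursion')):
        found.append('recursion open to any client')
    for s in conf:  # top-level zones only; zone-level ACL overrides options
        if s[0] == 'zone' and setting(s[-1], 'type') in (['master'], ['slave']):
            if is_open(setting(s[-1], 'allow-transfer') or setting(opts, 'allow-transfer')):
                found.append('zone %s: transfers unrestricted' % s[1])
    return found
```

Running `audit(SAMPLE)` reports only the zone that lacks a transfer ACL; the recursion check passes because allow-recursion names the "internal" ACL.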



More information about the bind-users mailing list