Deny external queries to cache

[Barry Margolin]

In article <bpcqfb$15q2$1 at sf1.isc.org>, Alan <alanjf88 at hotmail.com> wrote:
>I have BIND successfully providing DNS for a few domains and IP's, it
>is also cacheing "external" addresses.
>
>The one thing I would like to do is only allow cache access to hosts
>on my network, in the "homenet" acl. From what I gather, I need the
>following:
>
>allow-query { homenet; };
>
>The only problem is, this goes in a zone, but I don't see any zone in
>named.conf related to cacheing. Maybe I'm way off the mark, though.

It can also be used in the "options" section, and then it affects the cache
and any zones that don't have their own allow-query statement to override
it.  You'll want to put the above statement into options, and put

allow-query { any; };

in each of your public zones.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.