Stop recursive queries for particular zone... is it possible?

Guy Waugh guywaugh at hotmail.com
Mon Sep 15 05:08:30 UTC 2003


Hi there,

I have two BIND 8.3.4 DNS servers, say 'dns1' and 'dns2'. dns2 has
'forward first' and 'forwarders { dns1 }' in its BIND config file.
dns1 slaves a realtime blacklist from a commercial provider, and
naturally I'm not allowed to let anyone on the Internet query this
zone, so I've set up an 'allow-query' section on dns1 for this RBL
zone to only allow my servers to query the zone.

dns2 is both an MX and a name server. Sendmail on dns2 must be able to
query the RBL zone on dns1, but I don't want to allow BIND on dns2 to
query the RBL zone, as this would allow hosts on the Internet to
recursively query the RBL zone through dns2.

So... if I could disallow BIND on dns2 from knowing anything about the
RBL zone on dns1, that would solve my problem... or, if I could
disallow recursive queries of the RBL zone on dns2, that would also
solve my problem. Can anyone suggest how I might achieve either of
these things, or suggest another approach?

Thanks,
Guy.
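One way to get the second outcome described above (dns2 keeps resolving the RBL zone for its own Sendmail, but Internet hosts cannot recurse through it), written as an added example and not configuration from the original post. Hostnames, addresses, the ACL names and the zone name `rbl.example` are placeholders; the directives themselves (`acl`, `allow-query`, `allow-recursion`, `forward first`, `forwarders`) are standard BIND 8 and BIND 9 syntax.

```conf
// ---------- dns1 (slaves the RBL zone from the provider) ----------
// Placeholder address for dns2; substitute the real one.
acl rbl-clients { 127.0.0.1; 192.0.2.2; };      // dns1 itself and dns2

zone "rbl.example" {
    type slave;
    file "slave/rbl.example";
    masters { 198.51.100.10; };                // placeholder provider master
    // Only the listed servers may ask dns1 about this zone; every other
    // source gets REFUSED, so the data cannot be pulled directly.
    allow-query { rbl-clients; };
};

// ---------- dns2 (MX + name server, forwards to dns1) ----------
acl local-resolvers { 127.0.0.1; };             // Sendmail on dns2 queries the
                                                // local BIND; add internal nets
                                                // here if they also recurse
options {
    forward first;
    forwarders { 192.0.2.1; };                 // placeholder address of dns1
    // Recursion is the path an outside host would use to reach the RBL
    // data via dns2. Limiting it to local clients closes that path while
    // leaving Sendmail's lookups unaffected.
    allow-recursion { local-resolvers; };
    // Non-recursive (authoritative) queries for dns2's own zones still work
    // for everyone, so the MX/NS role is not affected.
};
```

With this in place, an Internet host sending a recursive query for `something.rbl.example` to dns2 is refused before dns2 ever consults dns1, so the `allow-query` restriction on dns1 is no longer bypassable through the forwarder. The one caveat is that `allow-recursion` applies to every name, not just the RBL zone: any hosts that legitimately use dns2 as their recursive resolver must be included in the ACL. After editing, `named-checkconf` (BIND 9) or a reload with a check of the log for syntax errors confirms the change loaded, and a test query from an outside address should return REFUSED rather than an RBL answer.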
