BIND configuration question
Cricket Liu
cricket at infoblox.com
Wed Apr 27 12:45:39 UTC 2005
On Apr 27, 2005, at 5:15 AM, Ronald I. Nutter wrote:
> I have posted a couple of messages over the last few days. Guess I am
> not asking the question the right way. I am trying to restrict our
> external DNS server running BIND to only allow lookups to domains we are
> handling when those requests come from outside our network. I want our
> internal users (which will be coming from one of 5 class C ip ranges we
> are assigned) to be able to do recursive lookups, etc without any
> problems. I tried using the Secure Bind Template I found but the
> problem I ran into was that the server quits responding to any DNS
> requests when that is used. Another message I talked about referenced
> Split DNS but I don't think that is the right term to use for what I am
> trying to do.
>
> Suggestions?

This sounds like a job for the allow-recursion options substatement,
e.g.,

options {
    allow-recursion { college-nets; };
};

Folks not in the ACL will have their queries treated as non-recursive,
while internal users will get recursive service. You could also do this
with two views, a recursive internal view and a non-recursive external
view:

view internal {
    match-clients { college-nets; };
    recursion yes;
    [zone statements, etc.]
};

view external {
    match-clients { any; };
    recursion no;
    [zone statements, etc.]
};

cricket
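
Added example, not part of the original message: a Python check for confirming, from inside and outside the college-nets ranges, which of the behaviours described above a client actually gets. It builds a query with the RD bit set and classifies a reply from its header flags; the function names and sample headers are constructed for illustration, and sending the query to the server (for example over a UDP socket) is left to the caller.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234, qtype=1):
    """Wire-format query for `name` (qtype 1 = A, class IN) with RD set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(packet):
    """Return (verdict, rcode) from the 12-byte header of a DNS reply."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if flags & RA:
        verdict = "recursive"        # server offers recursion to this client
    elif flags & AA:
        verdict = "authoritative"    # answered from a zone the server hosts
    elif ancount:
        verdict = "cached-answer"    # no recursion, but cache data was returned
    else:
        verdict = "non-recursive"    # referral, empty reply or REFUSED
    return verdict, rcode

def sample_header(flags, ancount):
    """Constructed 12-byte reply header used for the samples below."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples (vantage point, kind of name asked), not captured traffic.
SAMPLES = {
    "inside, outside name": sample_header(QR | RD | RA, 1),
    "outside, hosted zone": sample_header(QR | AA | RD, 1),
    "outside, outside name": sample_header(QR | RD | 5, 0),  # rcode 5 = REFUSED
    "outside, cached name": sample_header(QR | RD, 1),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:22} -> {classify_response(pkt)}")
```

A client outside the ACL should only ever see "authoritative" or "non-recursive"; a "cached-answer" verdict from outside means the server is returning cache contents to clients it will not recurse for.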