preventing queries to servers
Robert Vangel
vangelr at rfgt.net
Fri Apr 29 09:42:53 UTC 2005
markdv.bind at asphyx.net wrote:
> Hi,
>
> I would like to prevent queries to rcf1918 addresses on a caching
> nameserver.
>
> The server has a public IP to which clients query. But it is also
> connected to 'back-end' networks using rcf1918 addresses. I would like to
> prevent queries sent over this network when public zones contain ns
> records resolving to rfc1918 addresses in ranges I also use.
>
> I was thinking along the lines:
>
> server 10.0.0.0/8 {
> bogus yes;
> };
>
> but the 'server' statement only allows ip_addr and not ip_prefix... Is
> there some other way to achieve the same thing?
>
> wouldn't it be usefull if 'server' also supported ip_prefix? Or even an
> acl?
>
> Regards,
> Mark.
>
>
allow-query { localnets; }; ?
-- Binary/unsupported file stripped by Ecartis --
-- Type: application/x-pkcs7-signature
-- File: smime.p7s
-- Desc: S/MIME Cryptographic Signature
More information about the bind-users
mailing list