Restricting "Outside" lookups
Mark de Vries
markdv.bind at asphyx.net
Fri Apr 29 19:14:32 UTC 2005
On Fri, 29 Apr 2005, FSD wrote:
> Hello All;
> I think what I need to do should be pretty simple. I want to setup
> a nameserver that forwards all my internal queries to my main nameserver
> ns.mycompany.com that will answer for mycompany.com. But I do not want
> any of my computers to query the outside world. That is, all computers
> can query the company addresses not nothing else. How do I do this?
> Thanks a million
Sounds like someting along the same lines I need... (see my msg
"preventing queries to servers").
You want to be able specify which servers your servers queries. I want to
be able to specify which servers _not_ to query. Opposing sides of the
same medal so to speak...
Something like a reverse ACL that specifies where named can send queries
*to*, rather than *from* where it accepts them...
query-destination { any; }; // default
query-destination { ns.mycompany.com; }; //what you would do
query-destination { !10.0.0.0/8; !192.168.0.0/16; ... }; //what I would do
Does two requests warrant an enty in the wishlist? :)
Regards,
Mark.
More information about the bind-users
mailing list