what needs to go in an "external" view?

Barry Margolin barmar at alum.mit.edu
Tue Mar 29 00:07:36 UTC 2005


In article <d294af$2eu5$1 at sf1.isc.org>, <aklist_bind at enigmedia.com> 
wrote:

> Hi All:
> 
> I've split up my config file into two views, one for my internal subnet and 
> one for the rest of the world.
> 
> In my internal view, I have the following files:
> 
> 127.0.0.0. reverse zone
> 192.168.1.0 reverse zone
> local host zone
> hints zone
> + locally referenced zones
> 
> In my external view, I have all the public zone data I'm authoritative for.
> 
> Question is, do I also need any of the files in my internal zone copied into 
> the external one? My sense is that they're only relevant to the local NS 
> itself, and not any other server?

Your sense is correct.  The only things that need to be in the external 
view are zones that are actually delegated to your server.  If an 
external machine is querying your server for anything else, it's at best 
a mistake, and at worst a potential attack.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
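
The split discussed in this thread, written out as a named.conf sketch. This is an added example, not part of the original posts: the file names, the zone names example.com and corp.example, and the /24 mask on 192.168.1.0 are assumptions.

```conf
// Constructed example: file names, example.com, corp.example and the
// /24 mask are assumptions, not values from the thread.
acl internal-nets { 127.0.0.0/8; 192.168.1.0/24; };

// Views are tried in order, so the restrictive match comes first.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;           // local clients may resolve arbitrary names

    zone "." { type hint; file "named.root"; };
    zone "localhost" { type master; file "localhost.zone"; };
    zone "0.0.127.in-addr.arpa" { type master; file "127.0.0.rev"; };
    zone "1.168.192.in-addr.arpa" { type master; file "192.168.1.rev"; };

    // A locally referenced zone (hypothetical name).
    zone "corp.example" { type master; file "internal/corp.example.zone"; };
};

view "external" {
    match-clients { any; };
    recursion no;            // outside clients get authoritative answers only

    // Only zones actually delegated to this server belong here.
    // No hints, localhost or RFC 1918 reverse zones.
    zone "example.com" { type master; file "external/example.com.zone"; };
};
```

`named-checkconf` will parse the file and report syntax errors before the server is reloaded.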