ACL / allow-query
Kevin Darcy
kcd at daimlerchrysler.com
Fri Sep 30 21:21:46 UTC 2005
Laurent wrote:
>Hi,
>
>I would like to reserve my DNS to only clients in an IP address range.
>The BIND version in use is 8.2.3.
>My named.conf:
>
>acl client {
> x.x.0.0/16;
>};
>
>options {
> directory "/var/named";
> allow-query { client; };
> allow-transfer { none; };
> cleaning-interval 120;
> statistics-interval 0;
> interface-interval 0;
>};
>
>logging {
> channel named_info {
> file "/var/log/named.log" versions 3 size 10m;
> print-severity yes;
> print-time yes;
> };
>
> channel named_query {
> file "/var/log/queries.log" versions 3 size 50m;
> print-severity yes;
> print-time yes;
> };
>};
>
>zone "localhost" IN {
> type master;
> file "conf/localhost";
>};
>
>zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "conf/0.0.127.in-addr.arpa";
>};
>
>zone "." IN {
> type hint;
> file "conf/root.hint";
>};
>
>------------------------------------------------------------------------
>If I update the zone hint to:
>
>zone "." IN {
> type hint;
> file "conf/root.hint";
> allow-query { client; };
>};
>
>
Put that "allow-query" in "options" if you want it to be global in scope.
>I have an error in named.log:
>29-Sep-2005 09:43:35.698 info: sysquery: nlookup error on ?
>29-Sep-2005 09:43:39.865 info: sysquery: nlookup error on ?
>
I think that's unrelated. Are your root hints up to date?
- Kevin