Bind 9 allow-recursion limited to localhost

dan_delspam at edenpics.com
Wed Aug 16 22:53:20 UTC 2006


Hello, Kevin.

Thanks so much for your quick and useful answer.
I have tried your solution number 2 (disallow queries from all but
localhost, and then allow queries from all for each zone), and this
works great now! It is no longer possible for others to access my DNS
cache.
So it works fine even with version 9.2.4-2 of Bind.
I'm glad that a new directive is being introduced in version 9.4, which
seems so important to me.

So this is what my /etc/named.conf configuration file looks like now:

// ACLs referenced below. The ACL definitions were not part of the original
// post and are added here for completeness: local_hosts is the loopback
// address only; secondaries must be defined the same way with the IP
// addresses of the slave servers.
acl local_hosts { 127.0.0.1; };

options {
        directory "/var/named";
        recursion yes;  // allow caching, but recursion is limited below to localhost
        allow-recursion { local_hosts; };
        allow-query { local_hosts; }; // this must be limited to local hosts too,
                                      // otherwise everyone has access to your cache!
        query-source port 53; // because the firewall allows port 53 only
        allow-transfer { none; };  // transfers are allowed per zone below
};

zone "my_domain.com" {
        type master;
        file "masters/sec.zone";
        // IP addresses of the slave servers allowed to transfer my_domain.com
        allow-transfer { secondaries; };
        allow-query { any; }; // needed to override the default setting above
};


With kind regards, and thanks again.
Daniel
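Added example, not from the original post and not ISC's code: a small Python checker that reads the text `dig` prints and decides whether a server still behaves as an open resolver towards the client that ran the query. It encodes the two observations that confirm the named.conf above works: a query for a name outside the server's zones, sent from a host that is not in local_hosts, comes back REFUSED with no `ra` flag, while a query for a name inside my_domain.com still comes back with `aa` set. The three responses embedded in the script are constructed by hand in dig's output format (placeholder hostnames, 192.0.2.x documentation addresses), not captures from Daniel's server; the dig invocations in the docstring show how to obtain real ones.

```python
"""Check dig output to confirm a BIND server no longer acts as an open
resolver for outside clients.

Added example, not part of the original post. After the named.conf above is
in place, a query sent from a host outside local_hosts should be:
  * REFUSED, with no `ra` flag, for a name the server is not authoritative for;
  * answered with `aa` set (and still no `ra`) for a name in my_domain.com.
The three responses below are constructed by hand in dig's text format
(placeholder names, 192.0.2.x documentation addresses); they are not real
captures. Real ones come from e.g.
    dig @ns.my_domain.com www.example.net A
    dig @ns.my_domain.com www.my_domain.com A
run from a host that is not in the local_hosts ACL.
"""
import re

# Constructed: hardened server, out-of-zone name, non-local client.
REFUSED_EXTERNAL = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12345
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.net.\t\t\tIN\tA
"""

# Constructed: hardened server, name inside its own zone, non-local client.
OWN_ZONE_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23456
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; ANSWER SECTION:
www.my_domain.com.\t3600\tIN\tA\t192.0.2.10
"""

# Constructed: the original misconfiguration (allow-query { any; } plus
# recursion yes) answering an out-of-zone name for anyone who asks.
OPEN_RESOLVER_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34567
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.net.\t300\tIN\tA\t192.0.2.99
"""

STATUS_RE = re.compile(r"status: (?P<status>[A-Z]+)")
FLAGS_RE = re.compile(
    r"^;; flags:(?P<flags>[a-z ]*); QUERY: \d+, ANSWER: (?P<answers>\d+)", re.M)


def parse_dig(text):
    """Pull status, header flags and answer count out of dig's text output."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("not a dig response: header or flags line missing")
    return {
        "status": status.group("status"),
        "flags": set(flags.group("flags").split()),
        "answers": int(flags.group("answers")),
    }


def classify(resp):
    """Describe how the server treated this client's query."""
    if resp["status"] == "REFUSED":
        return "refused"
    if "aa" in resp["flags"]:
        return "authoritative"
    if "ra" in resp["flags"]:
        return "recursion-offered"   # server recurses/caches for this client
    return "non-authoritative"


def verify_hardening(external_text, own_zone_text):
    """Return (ok, problems) for two responses seen by one non-local client:
    one for a name outside the server's zones, one for a name inside."""
    ext, own = parse_dig(external_text), parse_dig(own_zone_text)
    problems = []
    if classify(ext) != "refused":
        problems.append("out-of-zone query was %s, not REFUSED: the cache is reachable"
                        % classify(ext))
    if classify(own) != "authoritative":
        problems.append("own-zone query not answered authoritatively: zone allow-query too strict")
    if "ra" in own["flags"]:
        problems.append("ra flag set for a non-local client: allow-recursion not restricted")
    return (not problems, problems)


if __name__ == "__main__":
    for label, pair in (("hardened", (REFUSED_EXTERNAL, OWN_ZONE_ANSWER)),
                        ("open", (OPEN_RESOLVER_ANSWER, OWN_ZONE_ANSWER))):
        ok, problems = verify_hardening(*pair)
        print(label, "OK" if ok else "; ".join(problems))
```

Run the two dig commands from a host that is not in local_hosts and feed their output to verify_hardening. A NOERROR answer carrying `ra` for the out-of-zone name means the cache is still reachable, which is exactly the condition the options-level allow-query closes; an `ra` flag on the authoritative answer means allow-recursion is still open even though allow-query is not.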



More information about the bind-users mailing list