which file - proper acl info?

Kevin Darcy kcd at daimlerchrysler.com
Fri Mar 10 21:00:32 UTC 2006


kurt wrote:

>Checking the docs and searching the bind-users archive, I've come up with this 
>relevant link for acl:
>
>http://marc.theaimsgroup.com/?l=bind-users&m=110849258723985&w=2
>
>I'm attempting to control access to the bind server for resolving only right 
>now, to a small subnet, 0.0.0.0/29 (example).  Which file in /etc/bind do I 
>insert the language as listed in the link above to get this to work?
>
>I haven't edited the files yet, so an indication/hint of where in the file to 
>place the code would be great, "after this line, before this line", etc.
>
>I'm running the Debian Sarge version of Bind which uses several config files 
>plus multiple db files in /etc/bind, plus I've installed bind chrooted, 
>so /etc/bind is really a link to a different part of the filesystem.
>
>The bind server also runs apache (a handful of virtual sites), ntp, and is 
>occasionally used for web browsing during administration (and resolving ips 
>in the apache logs), so 127.0.0.1 in addition to the example subnet will be 
>listed as part of the acl.
>
>The server is currently not authoritative for any domains, although it will be 
>for a few domains at a later date.  It is just resolving right now, I'm 
>feeling my way around bind as a newbie. Thanks.
>
Anywhere at the top syntactical level (i.e. not within any brace pairs) 
of named.conf should be fine. It used to be that acls had to be defined 
before they were actually referenced in named.conf; however, that 
restriction has been lifted (I'm having trouble finding a reference to 
that change in the CHANGES file, but I just configured a "reference 
before definition" with BIND 9.3.1 and it appears to work fine).

As for the "several config files" of Debian Sarge, I can't really help 
you there, since I've never worked with it. BIND natively has only 1 
main config file (called named.conf by default), plus a key file (if you 
use rndc to control the operation of the nameserver), and of course 
whatever files one may optionally "include" into named.conf by reference.

- Kevin
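
A named.conf fragment showing the placement described in the reply above, added here as an illustration and not taken from either poster or from the linked message. The ACL name "trusted" and the 192.0.2.0/29 documentation subnet are assumed placeholders for the poster's real values.

```conf
// Top syntactical level of named.conf: outside every brace pair,
// i.e. not inside options { }, zone { } or any other block.
// Defining the acl before its first use is the conservative ordering.
acl "trusted" {
    127.0.0.1;        // the server itself (local browsing, log lookups)
    192.0.2.0/29;     // placeholder for the small client subnet
};

options {
    // ... existing options stay as they are ...

    // Only addresses matching the acl may send queries at all.
    allow-query     { "trusted"; };

    // Only addresses matching the acl get recursive resolution.
    allow-recursion { "trusted"; };
};

// When the server later becomes authoritative for a zone, that zone
// has to answer the whole Internet, so widen allow-query per zone
// while recursion stays limited to "trusted" (zone name is a placeholder):
//
// zone "example.com" {
//     type master;
//     file "db.example.com";
//     allow-query { any; };
// };
```

If the options block lives in a file pulled in with "include", the two allow-* lines go inside that block wherever it is, and the acl statement can stay in any file that is read at the top level. Running named-checkconf on the main file before reloading catches a misplaced brace or statement.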



