which file - proper acl info?

funkyjunky28 at gmail.com funkyjunky28 at gmail.com
Fri Mar 10 21:09:46 UTC 2006


Kurt,
You should just be able to slap your acl definitions in
"named.conf".  That is where all of mine are.
The link you are referring to looks to be the same format as my
named.conf.  I didn't read the article, but I'm guessing the
example doesn't take into account the "resolver" value.  So, for
the example in the link, the acl is for a view called "resolver".
If this is the only view, then resolver will be in "match-client"
or "allow-transfer" elsewhere in the named.conf.  If you are using
many views, you can set up a pretty powerful and restricted DNS
environment.  Example (named.conf) at the very top:
Code starts here:

/* My DNS slaves  -- Just to be neat, I will add my other name servers
first:
*/
acl "myslaves" {
	10.11.20.1;			// DNS slave 1
	10.11.20.2;			// DNS slave 2
	120.21.31.1;			// DNS outside subnet
};

/* Then my subnets that I will have available for resolution: */

/* Internet - zone for DMZ */
acl "dmz" {
	10.10.20.0/24;			// DMZ east servers (web, app, etc)
	10.10.21.0/24;			// DMZ west servers

};

Now you could set up queries for the acl named "dmz".

view "dmz" {
	allow-recursion { "dmz"; };  // just another example (besides allow-query)
	allow-query { "dmz"; };
};

Also keep in mind that you can further restrict subnets/IPs using
ipfilters.
Hope this helps.
-Jeff
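
Added example, not part of the original message: a complete named.conf sketch that uses the two acls above in a multi-view layout. The "external" view, the zone names, the file paths and the directory are assumptions made for illustration.

```conf
// ACLs from the message above, repeated so the file stands alone.
acl "myslaves" { 10.11.20.1; 10.11.20.2; 120.21.31.1; };
acl "dmz"      { 10.10.20.0/24; 10.10.21.0/24; };

options {
	directory "/var/named";          // assumed path
	allow-transfer { none; };        // no zone transfers unless a zone opts in
};

// Views are tested in the order they appear; the first view whose
// match-clients matches the source address handles the query.
view "dmz" {
	match-clients { "dmz"; };        // only DMZ hosts ever see this view
	recursion yes;
	allow-recursion { "dmz"; };
	allow-query { "dmz"; };

	zone "dmz.example.com" {         // hypothetical zone
		type master;
		file "dmz/db.dmz.example.com";   // hypothetical file
	};
};

// Catch-all view for every other client. The "myslaves" addresses are
// not in the "dmz" acl, so their transfer requests arrive here and only
// zones in this view can be transferred to them.
view "external" {
	match-clients { any; };
	recursion no;                    // authoritative answers only
	allow-query { any; };

	zone "example.com" {             // hypothetical zone
		type master;
		file "external/db.example.com";  // hypothetical file
		allow-transfer { "myslaves"; };
	};
};
```

Once any view is defined, every zone has to live inside a view; named-checkconf will report a zone left at the top level.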



More information about the bind-users mailing list