How to make one ZONE (subdomain) non-public?

Gregory Hicks ghicks at hicks-net.net
Mon Apr 12 09:07:39 UTC 2010 

> Date: Mon, 12 Apr 2010 09:52:03 +0200
> From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
> 
> On 12.04.10 09:47, Michelle Konzack wrote:
> > in my domain I have a "subdomain" which is absolutely private  and
> > non-accesible from the rest of the world.  It use <192.168.x.y>.
> > 
> > Which option must I use hat this ZONE ist only accesible/visible  
local?
> 
> allow-access in zone statement.

I think the easiest way to do this would make several VIEWS.  Put the
zone file for the subdomain in the internal only view.  Yes, some zone
descriptions would be duplicated, but... Oh well...

For instance, when it is time for my children to do homework, I add a
zone "facebook.com" that points to localhost to my zone descriptions.
This effectively locks them out of facebook for the duration of
"homework time".  (This local facebook.com zone is NOT something that I
would want the internet to use...)

eg:

// for the ACL, you can put in CIDR notation for your network ALSO...
// Note that the difference between the zone descriptions is that 
// "some-subdomain" is missing from the external view.  You would also 
// populate the views with any additional zones...

acl internal {localhost; localnets; };

view "trusted" {
  match-clients { "internal"; };
  recursion yes;
  
 zone "ext-domain" in {
        type master;
        file "db.ext-domain";
        allow-update { none; };
        allow-transfer { <ip1>; <ip2>; };
};
 zone "some-subdomain" in {
        type master;
        file "db.sub-domain";
        allow-update { none; };
        allow-transfer { <ip3>; <ip4>; };
};

More zone(s) {}

}; // End of trusted or internal view

view "external" {
 match-clients { "any"; };
 recursion no;
 additional-from-cache no;

 zone "ext-domain" in {
        type master;
        file "db.ext-domain";
        allow-update { none; };
        allow-transfer { <ip1>; <ip2>; };
};

}; // End of External view

---------------------------------------------------------------------
Gregory Hicks                           | Principal Systems Engineer
                                        | Direct:   408.569.7928

People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell

The price of freedom is eternal vigilance.  -- Thomas Jefferson

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton

More information about the bind-users mailing list