Diagnostic help

[Ben Croswell]

The default for allow query is local host local nets.  Basically the server
itself and directly connected networks
On Sep 29, 2014 8:03 PM, "Bill Christensen" <billc_lists at greenbuilder.com>
wrote:

>  Hi folks,
>
> Something got sideways on one of my DNS servers, and I would appreciate
> some help in figuring out what's going on.
>
> I'm running BIND 9.10.1.  This server is authoritative master for a number
> of domains.
>
> First off, I may have the allow-query set incorrectly.  Currently I have:
>
> acl query-permit {
>     (range of IP address on the local LAN which are allowed to use this
> server as their query server)
>     };
>
> acl recursive-permit {
>     (range of IP address on the local LAN which are allowed to use this
> server for recursive queries)
>     };
>
> acl transfer-permit {
>     (IP addresses of a couple other name servers allowed to do transfers
> with this one)
>     };
>
> and at the beginning of the options  section:
>
>         allow-recursion { recursive-permit; };
>          allow-transfer { transfer-permit; };
> //     allow-query { query-permit; };
>
> Allow-query is commented out, which I assume will allow anyone to query
> this server for the domains for which it has master or slave records, but
> does not allow the general public to do recursive queries or queries on
> domains not hosted here.
>
> Let me know if I've got that right, or how to correct it if I don't.
>
> If this part is correct I'll continue the questioning.
>
> Thanks!
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140929/23446208/attachment.html>