Stub zones, but secondary?

Elmar K. Bins elmi at 4ever.de
Sun Nov 19 21:10:13 UTC 2023


Good evening,

my freshly recrafted DNS servers got the latest BIND 9.18 pkg from FreeBSD.
They're all supposed to only respond for a certain set of zones to the outside,
but should be able to be used as a resolver from localhost.

The pkg comes with a default config that slaves "." and its cousins instead
of pushing a static hints file. I like this.

Unfortunately, the config just has them as slave zones, without a "hint"
marking. Anybody can query the box for them. I don't like this.

I've put the appropriate "allow-query { localhost; };" into every friggin'
zone entry. I REALLY don't like this.

I'm wondering whether there's a more elegant way. Like "secondary-hint" zones.
Have I overlooked something?

Thanks for any pointers,
                        Elmar.



More information about the bind-users mailing list
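
An added example, not part of the original post or of the FreeBSD package: a small audit that lists transferred (slave/secondary) zones in a named.conf that carry no zone-level "allow-query", which is the exposure the post describes. The sample config, its file names and the 192.0.2.1 address are constructed, and the check assumes no allow-query is set in options or in an enclosing view.

```python
import re

# Constructed sample config (not the FreeBSD package's actual file).
SAMPLE_CONF = r'''
options { recursion yes; allow-recursion { localhost; }; };
// root zone transferred instead of using a hints file
zone "." {
    type slave;
    file "slave/root.slave";
    masters { 192.0.2.1; };
    notify no;
};
zone "arpa" {
    type secondary;
    file "slave/arpa.slave";
    primaries { 192.0.2.1; };
    allow-query { localhost; };   # restricted by hand
};
zone "example.org" { type master; file "primary/example.org"; };
'''

# named.conf accepts C, C++ and shell style comments; drop them first.
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# zone "name" [class] {
ZONE = re.compile(r'\bzone\s+"([^"]*)"(?:\s+\w+)?\s*\{')

def zone_blocks(conf):
    """Yield (name, body) for every zone statement, matching nested braces."""
    text = COMMENT.sub('', conf)
    for m in ZONE.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def open_secondaries(conf):
    """Names of slave/secondary zones with no zone-level allow-query."""
    return [name for name, body in zone_blocks(conf)
            if re.search(r'\btype\s+(slave|secondary)\s*;', body)
            and not re.search(r'\ballow-query\s*\{', body)]

if __name__ == '__main__':
    for name in open_secondaries(SAMPLE_CONF):
        print(f'zone "{name}": transferred zone without its own allow-query')
```
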