Troubleshooting Information
Tony Finch
dot at dotat.at
Wed Aug 26 10:02:51 UTC 2015
Bob McDonald <bmcdonaldjr at gmail.com> wrote:
> To further lock this information down I would suggest adding the
> following view statements to any internet facing DNS device configuration:
>
> view "outsiders" chaos {
> match-clients { !127.0.0.1; !your-inside--nets; any; };
> allow-query { none; };
> # we need a zone within a view and Bind complains on startup if there is no hint file in classes
> # other than internet. (it is provided with the software for the internet class)
> zone "." chaos {
> type hint;
> file "/dev/null"; // or any empty file
> };
>
> };
Another way is to use BIND's syntax for explicitly configuring the special
server information zones, like below. This view handles all queries for
the chaos class, and rejects queries from nonlocal clients.
view bind chaos {
recursion no;
allow-query { localhost; localnets; };
zone authors.bind ch { type master; database "_builtin authors"; };
zone hostname.bind ch { type master; database "_builtin hostname"; };
zone version.bind ch { type master; database "_builtin version"; };
zone id.server ch { type master; database "_builtin id"; };
};
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.
More information about the bind-users
mailing list