securing bind
Hey, I have a question about bind 8's params.
I have a dns server that is authoritative for quite a few domains, however
the same server is running mail services.
When I set the no recursive lookup option within bind, mail can't be sent
since the machine can't do lookups for MX records of foreign domains.
However, when I set recursion back to on, I find that there are quite a few
nasty ISPs that are pointing to my box as a dns resolution tool rather
than setting up their own dns machine.
I am looking for a way that I can set my box to do recursive lookups, but
at the same time, only allow certain machines to do them. I also want my
machine to be able to answer dns queries for anyone for the domains that
it is authoritative.
So far I have
    options {
        directory "/usr/local/named";
        allow-transfer { a.b.c.d; };
        recursion yes;
    };
I tried:
    acl self-list { x.x.x.x; };
and added:
    options {
        directory "/usr/local/named";
        allow-transfer { a.b.c.d; };
        allow-query { self-list; };
        recursion yes;
    };
but this just prevented everyone but this machine from doing any lookups
to my server, including for domains that it should be responsible for.
-cjm
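
An added example, not part of the original post: one way to get the behaviour asked for, assuming a BIND release that supports the allow-recursion option (8.2 or later). x.x.x.x and a.b.c.d are the post's own placeholders, and 127.0.0.1 is an assumed entry so that mail software on the same machine can resolve through this server.

```conf
// Added example, not the poster's configuration.
// self-list: the only hosts allowed to use this server as a resolver.
// 127.0.0.1 is an assumption (local mail service querying via loopback).
acl self-list { 127.0.0.1; x.x.x.x; };

options {
    directory "/usr/local/named";
    allow-transfer { a.b.c.d; };

    // Recursion stays on so the mail service can look up MX records
    // for foreign domains.
    recursion yes;

    // Anyone may send queries, so the zones this server is
    // authoritative for are still answered for everyone.
    allow-query { any; };

    // Only self-list gets recursive resolution; other clients are
    // answered as if they had asked non-recursively.
    allow-recursion { self-list; };
};
```

Restricting allow-query, as in the attempt above, filters every query including those for the server's own zones, which is why it blocked outside lookups entirely. Clients outside self-list may still receive answers for names already held in the server's cache.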