From: Lars Jonas Olsson
Message-Id: <199704042117.PAA02968@Jupiter.Mcs.Net>
Subject: refusing DNS queries for internal net
To: questions@freebsd.org
Date: Fri, 4 Apr 1997 15:17:02 -0600 (CST)

I asked about a firewall to keep outside people from finding what's on our
inside net. The solution was to use the secure zone handling in named. If you
have a named running for both the external and internal net (e.g. 10.0.0.x)
you can add this to the file that describes the 10.0.0.x net (often called
mydomain.hosts):

    secure_zone IN TXT 10.0.0.0:255.255.255.0
    secure_zone IN TXT 127.0.0.1:H

This will let people on the internal net and the machine itself do DNS
queries. When people on the outside do:

    nslookup
    server
    ls

They will get:

    []
    *** Can't list domain : Query refused

Jonas
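
The matching rule those two records express, as an added Python example that is not part of the original message and is not BIND's own code. It follows the address:mask and address:H syntax shown in the message; the classful default for a missing mask and the "no records means no restriction" rule are assumptions taken from the BIND 4.9 documentation, and the client addresses are constructed.

```python
import ipaddress

# TXT strings of the two secure_zone records from the message.
SECURE_ZONE_TXT = ["10.0.0.0:255.255.255.0", "127.0.0.1:H"]


def parse_entry(txt):
    """Turn one secure_zone TXT string into an ip_network.

    "addr:H" permits a single host; "addr:mask" permits a network.
    Assumption (BIND 4.9 docs, not the message): a missing mask falls
    back to the classful default for the address.
    """
    addr, _, mask = txt.strip().strip('"').partition(":")
    ip = ipaddress.IPv4Address(addr)
    if mask.upper() == "H":
        return ipaddress.ip_network(f"{ip}/32")
    if not mask:
        first = int(ip) >> 24
        mask = ("255.0.0.0" if first < 128 else
                "255.255.0.0" if first < 192 else "255.255.255.0")
    # strict=True is this example's choice: an entry whose address has
    # bits outside the mask raises ValueError instead of silently matching.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=True)


def query_allowed(client, entries):
    """True if `client` may query the zone.

    Assumption (BIND 4.9 docs): a zone with no secure_zone records is
    unrestricted, so an empty list permits everyone.
    """
    if not entries:
        return True
    src = ipaddress.IPv4Address(client)
    return any(src in parse_entry(e) for e in entries)


def audit(entries, clients):
    """Map each client address to whether the zone would answer it."""
    return {c: query_allowed(c, entries) for c in clients}


if __name__ == "__main__":
    # Constructed client addresses: inside net, loopback, neighbouring
    # subnet, an outside host, and a second loopback address.
    sample = ["10.0.0.42", "127.0.0.1", "10.0.1.7", "192.0.2.10", "127.0.0.2"]
    for client, ok in audit(SECURE_ZONE_TXT, sample).items():
        print(f"{client:16} {'answered' if ok else 'Query refused'}")
```

Because 127.0.0.1 is listed with :H rather than a mask, only that one loopback address matches, and a neighbouring 10.0.1.x subnet is refused until it gets its own record.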