From owner-freebsd-questions Sun Nov 10 5:51: 7 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C14937B401 for ; Sun, 10 Nov 2002 05:51:06 -0800 (PST) Received: from mail1.sea.registeredsite.com (mail1.sea.registeredsite.com [66.111.73.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF8D443E42 for ; Sun, 10 Nov 2002 05:51:05 -0800 (PST) (envelope-from admin@asarian-host.net) Received: from asarian-host.net (asarian-host.net [216.122.74.112]) by mail1.sea.registeredsite.com (8.12.5/8.12.5) with ESMTP id gAADp4oG013490 for ; Sun, 10 Nov 2002 08:51:05 -0500 Comments: To protect the identity of the sender, certain header fields are either not shown, or masked. Anonymous email addresses for asarians can be requested by filling in the appropriate form at: https://asarian-host.net/cgi-bin/signup.cgi Received: (from root@localhost) by asarian-host.net (8.11.0/8.11.0) id gAADp4A77828 for freebsd-questions@freebsd.org; Sun, 10 Nov 2002 14:51:04 +0100 (CET) (envelope-from admin@asarian-host.net) Posted-Date: Sun, 10 Nov 2002 14:51:04 +0100 (CET) From: Mark Message-Id: <200211101351.GAADP3S77820@asarian-host.net> Date: Sun, 10 Nov 2002 14:50:59 +0100 X-Authenticated-Sender: admin@asarian-host.net Subject: BIND X-Trace: 9EkNc+ovMGWjW/GwTXFQhT0lOeBZiSMR7j1BAcsPTWr7ifS/0nxq479Wh5WscSaL X-Complaints-To: abuse@asarian-host.net X-Abuse-Info: Please be sure to forward a copy of ALL headers X-Abuse-Info: Otherwise we are unable to process your complaint Organization: Asarian-host To: MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Auth: Asarian-host PGP signature iQEVAwUAPc5kSDFqW1BleBN9AQGSTwgAhSem5f9j+dfnSjwRSF/4RT7peSqBdFYf 1gtu547uO39aNxAPb5IhoQLUTszcdEM9HXJmAIo4z+6SYi5VbU2N5vl5PAXiF8tY OcRcPUpYBE7lRmxmUb18s07HWtkXTANNxO7AsN5w/Upwi0eeNfU+ZCDdNYNsnMD4 0UBw+z2C6TOlxvrDxhfIat+70DX1u43rVm2aX4uYdFkyj2IlnCGDIljauoJDe2OG /CKxpZp7w6nnMTzaVozrMEQUtOUfZirODkYeqjbK6M4a8nr1t6DCQSc/XMHDY2Hi Xdl4pviUg8Kav0THUL7LBqtn/8SWtLyO16u/aK1Ht0H02A6EyFZvrA== =1Ctz Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, :) I was experimenting with BIND (8.3.3) on FreeBSD. I got everything pretty much set up properly. Then I came up with the idea to allow outside queries for my own domain names, but to disallow outsiders to use my name servers to resolve the world. So, I did this: zone "." { type hint; file "named.root"; allow-query { trusted; }; }; I thought that would only allow myself (localhost and a few others are in the "trusted" acl) to query the world, but prevent others from doing so, via my name servers. Alas, BIND disagrees with my logic. It reports: 'allow-query' option for non-{master,slave,stub} zone '' zone '.' did not validate, skipping Hmm, there's gotta be a way to only let outsiders use my name servers to resolve my own domains. Has anyone any ideas? Thanks! - Mark To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message