Date: Sun, 10 Nov 2002 18:03:04 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: BIND
Message-ID: <20021110180304.GB84752@happy-idiot-talk.infracaninophi>
In-Reply-To: <200211101351.GAADP3S77820@asarian-host.net>
References: <200211101351.GAADP3S77820@asarian-host.net>
On Sun, Nov 10, 2002 at 02:50:59PM +0100, Mark wrote:

> I was experimenting with BIND (8.3.3) on FreeBSD. I got everything pretty
> much set up properly. Then I came up with the idea to allow outside queries
> for my own domain names, but to disallow outsiders to use my name servers to
> resolve the world. So, I did this:
>
> zone "." {
>     type hint;
>     file "named.root";
>     allow-query { trusted; };
> };

What you want is:

    options {
        [...]
        allow-recursion { trusted; };
    };

which will default to denying recursion to anyone except your own
trusted machines, but still allow queries to any zone you're
authoritative for.

There's no point in putting much in the way of access control on the
'.' hint zone, but you should investigate the use of allow-query { };,
allow-transfer { }; or even allow-recursion { }; on a per-zone basis
for your other zones.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Tel: +44 1628 476614
Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
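
An added example, not part of the original message: a small Python check that parses named.conf text and flags the two conditions discussed above, recursion not limited by allow-recursion in options and access control placed on the '.' hint zone. The sample configurations and ACL addresses are constructed, and the minimal parser only handles the statement syntax shown in this thread.

```python
import re

# Constructed named.conf samples; the ACL addresses are placeholders.
BEFORE = '''acl trusted { 192.0.2.0/24; localhost; };
options { directory "/etc/namedb"; };
zone "." { type hint; file "named.root"; allow-query { trusted; }; };'''
AFTER = '''acl trusted { 192.0.2.0/24; localhost; };
options { directory "/etc/namedb"; allow-recursion { trusted; }; };
zone "." { type hint; file "named.root"; };'''

def tokenize(text):
    # Drop /* */, // and # comments, then split into strings, braces, ';', words.
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse(tokens, i=0):
    # Returns (statements, next index); a "{ ... }" block becomes a nested list.
    stmts, cur = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == '{':
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == '}':
            break
        elif tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts, i

def body(stmt):
    return stmt[-1] if isinstance(stmt[-1], list) else []

def audit(conf):
    stmts, _ = parse(tokenize(conf))
    opts = [s for st in stmts if st[0] == 'options' for s in body(st)]
    rec = next((s for s in opts if s[0] == 'allow-recursion'), None)
    findings = []
    if ['recursion', 'no'] not in opts:
        if rec is None:
            findings.append('options: recursion not restricted by allow-recursion')
        elif ['any'] in body(rec):
            findings.append('options: allow-recursion lists "any"')
    for st in (s for s in stmts if s[0] == 'zone'):
        if ['type', 'hint'] in body(st) and any(s[0] == 'allow-query' for s in body(st)):
            findings.append('zone "%s": allow-query on the hint zone' % st[1])
    return findings
```

Calling audit(BEFORE) reports both conditions for the configuration in the quoted question, and audit(AFTER) returns an empty list for the layout suggested in the reply.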