Date:      Mon, 22 Apr 2002 12:04:31 -0400 (EDT)
From:      Tim Wilde <twilde@dyndns.org>
To:        Jim Flowers <jflowers@ezo.net>
Cc:        Mario Lobo <Mlobo@ear.com.br>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: DNS Question
Message-ID:  <Pine.GSO.4.44.0204221202580.25336-100000@quartz.bos.dyndns.org>
In-Reply-To: <20020422114506.M42132@ezo.net>

On Mon, 22 Apr 2002, Jim Flowers wrote:

> You don't say what version but assuming 8.x.x there are a number of options
> to help.  Read Chapter 10 of the DNS & BIND book.  Particularly, you can
> configure your dns to be useful as a resolver to only your trusted addresses
> with option allow-query {trusted-addresses;} while at the same time allowing
> everyone access to your authoritative zones with an allow-query {any;} entry
> in each of your authoritative zone files.

The allow-recursion { }; statement within the options { }; block is more
correct to use to limit recursion.  I'm pretty sure it's available in BIND
8, and it definitely is in BIND 9.  DNS & BIND is a very good resource, as
is the BIND ARM that ships in the doc/ dir of the BIND distribution.

Tim Wilde

-- 
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/
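
Added example, not part of the original messages: a named.conf in BIND 9 syntax that applies the allow-recursion approach discussed above, so that only trusted clients get recursive resolution while the authoritative zone stays answerable by everyone. The ACL name "trusted", the 192.0.2.0/24 network, the /etc/namedb directory and the example.org zone and file name are assumptions chosen for illustration.

```conf
// Constructed example: ACL name, addresses, paths and zone are placeholders.

// Clients allowed to use this server as a recursive resolver.
acl "trusted" {
    localhost;          // built-in ACL: the server's own addresses
    192.0.2.0/24;       // assumed internal network
};

options {
    directory "/etc/namedb";            // assumed location of zone files

    // Recursive lookups (names this server is not authoritative for)
    // are performed only for clients matching "trusted".
    allow-recursion { "trusted"; };

    // The other approach from the thread would restrict all queries here
    // and reopen each authoritative zone individually:
    //   allow-query { "trusted"; };
};

// Authoritative zone: anyone may query it. Stating allow-query here makes
// the intent explicit and overrides any narrower allow-query in options.
zone "example.org" {
    type master;
    file "example.org.db";              // assumed zone file name
    allow-query { any; };
};
```

On BIND 9, running named-checkconf against the file checks the syntax before named is reloaded.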