[lug] DNS config question
bdoctor at ps-ax.com
Fri Jun 1 03:36:15 MDT 2001
Well, with V4 of Bind I cannot help :(. However, this works well for V8.
zone "whatever" {
    type master;            // or slave
    allow-query {
        192.168.0.0/24;
        192.168.1.0/24;
        127.0.0.0/8;
        10.1.100.0/24;
    };
    file "filename";
};  // whatever
That will allow queries, but no transfers.
This will allow both queries and transfers
zone "lug.com" {
    type master;
    allow-transfer {
        192.168.0.0/24;
        192.168.1.0/24;
        1.2.3.206/32;
        1.2.3.202;          // mask is optional
    };
    file "db.lug.com";
};
I'm pretty sure you could also have the allow-query in there to remove the
assumption that all listed can do whatever they need. If it is not listed,
it is denied in terms of the allow-[type] fields.
You have (I think) to define this for each zone supported. You may be able to
specify one policy for all zones, but my needs weren't at the macro level,
so I didn't even check :)
Keep in mind that even if you are doing this, your secondaries and their
secondaries must also do the same, otherwise a motivated person will
eventually find what they are after.
Any specific reasons for staying with V4?
-brad
> Is there a way in the DNS config file to specify the nameserver should only
> respond to queries for a given range of IP #'s (i.e., with a netmask?)
>
> Here is my setup.
>
> Network is 192.168.6.193/27 (netmask of 255.255.255.224)
> That is, I want DNS to respond to queries from 192.168.6.193 to
> 192.168.6.224 (31 ip #s).
>
> If I do this: (I'm using bind4 btw)
>
> primary mydomain.com db.mydomain
> primary 6.168.192.in-addr.arpa db.192.168.6
>
> That's for the entire range of 192.168.6.0 through .255.
>
> So, how do I limit it? How do I specify a "netmask" in the config/boot file?
>
> TIA,
> -Anders.
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
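An added example, not taken from Brad's reply or from Anders' files, showing the same address-match-list syntax applied once at the options level (so every zone inherits it) with a per-zone override, using the /27 from the question: the /27 that contains 192.168.6.193 is 192.168.6.192/27, covering 192.168.6.192 through .223. The acl names, directory, file names and secondary addresses are assumptions; the statements themselves (acl, allow-query, allow-transfer, allow-recursion, and the `!` negation) are standard BIND 8 and BIND 9 named.conf syntax.

```conf
// Named address match lists; reusable in any allow-* statement.
acl "lan" {
    !192.168.6.200;        // assumed: one host on the LAN we still refuse
    192.168.6.192/27;      // Anders' network, .192 - .223
    127.0.0.0/8;           // the server itself
};

acl "secondaries" {
    1.2.3.206;             // assumed secondary; a bare address means /32
    1.2.3.202;
};

options {
    directory "/var/named";          // assumed path
    allow-query     { lan; };        // default for every zone
    allow-transfer  { secondaries; };// AXFR/IXFR only to listed secondaries
    allow-recursion { lan; };        // nobody outside gets recursion either
};

zone "mydomain.com" {
    type master;
    file "db.mydomain";              // inherits the options-level lists
};

zone "6.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.6";
    allow-query { any; };            // zone-level statement overrides options
};
```

Address match lists are evaluated top to bottom and the first matching element wins, so the negated entry only has an effect because it precedes the broader prefix; listed the other way round, 192.168.6.200 would match the /27 first and be allowed. To check from a host outside the lists, `dig @server mydomain.com SOA` should come back with status REFUSED and `dig @server mydomain.com AXFR` should report "; Transfer failed.". Run the same two checks against each secondary: an allow-transfer on the master does nothing for a copy of the zone that a secondary still hands out to anyone.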