Re: Bind cache availability...
From: John Madden (weez_at_freelists.org)
To: firstname.lastname@example.org, email@example.com
Date: Sun, 22 May 2005 00:42:04 -0500
> I'm running Woody distribution of Debian Linux on one of my servers and
> I use it as DNS server - bind installed on it...
> The DNS server is available to LAN users as well as to internet users...
> For nonexistent records I use hint zone instead of forwarding to my
> provider...this means, I use caching of records from root servers...and
> that's the problem...records in my cache are available to internet and
> LAN users, which I don't want for security reasons...I would like them
> to be available only to my LAN users. Is it at least possible...?
Yes. Set up an acl containing your IP blocks, then set up two separate "view"
groups and use "match-clients" to filter down the list of IPs that are
matched into each view. For the external clients, set "recursion no."
--
# John Madden firstname.lastname@example.org: http://www.nerdarium.com
# FreeLists: Free mailing lists for all: http://www.freelists.org
# Linux, Apache, Perl and C: All the best things in life are free!
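
Added example, not part of the original message: a BIND 9 named.conf sketch of the acl plus two-view layout described in the reply. The address block 192.0.2.0/24, the zone name example.com and the Debian-style file paths are assumptions standing in for the real LAN range, zone and files.

```conf
// Constructed example. Replace the placeholder block with the real LAN ranges.
acl "lan" {
    127.0.0.1;
    192.0.2.0/24;          // placeholder for the internal IP block
};

options {
    directory "/var/cache/bind";   // assumed Debian default
};

// Views are tried in order, so the restrictive match must come first.
// Each view keeps its own cache, so names resolved for LAN clients
// are not visible to clients that land in the external view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    // Root hints live only here: this is the view that walks the tree.
    zone "." {
        type hint;
        file "/etc/bind/db.root";          // assumed path
    };

    zone "example.com" {                   // placeholder authoritative zone
        type master;
        file "/etc/bind/db.example.com";   // assumed path
    };
};

view "external" {
    match-clients { any; };
    recursion no;                          // authoritative answers only

    // Once any view exists, every zone must sit inside a view, so the
    // zones served to the internet are declared again here.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};
```

Running `named-checkconf` against the file before reloading catches a zone left outside a view, which BIND rejects once views are in use.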