Re: Bind cache availability...
From: John Madden (weez_at_freelists.org)
Date: 05/22/05
- Previous message: Draq: "Bind cache availability..."
- In reply to: Draq: "Bind cache availability..."
- Next in thread: Santi Saez: "Re: Bind cache availability..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com, draque@gmail.com
Date: Sun, 22 May 2005 00:42:04 -0500
> I'm running Woody distribution of Debian Linux on one of my servers and
> I use it as DNS server - bind installed on it...
> The DNS server is available to LAN users as same as to internet users...
> For nonexistent records I use hint zone instead of forwarding to my
> provider...this means, I use caching of records from root servers...and
> that's the problem...records in my cache are available to internet and
> LAN users, which I don't want for security reasons...I would like them
> to be available only to my LAN users. Is it at least possible...?
Yes. Set up an acl containing your IP blocks, then set up two separate "view"
groups and use "match-clients" to filter down the list of IPs that are
matched into each view. For the external clients, set "recursion no."
John
--
# John Madden weez@freelists.org: http://www.nerdarium.com
# FreeLists: Free mailing lists for all: http://www.freelists.org
# Linux, Apache, Perl and C: All the best things in life are free!
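
The split-view setup described in the reply, written out as a named.conf sketch. This is an added example, not configuration posted in the thread: it assumes BIND 9 (where views exist), and the LAN block, the zone name example.com and the file paths are placeholders.

```conf
// Constructed example: address blocks, zone name and file paths are
// placeholders, not values from the thread.
acl "lan" {
    127.0.0.0/8;
    192.168.0.0/16;          // assumed LAN block
};

options {
    directory "/var/cache/bind";   // assumed working directory
};

// Views are tried in order; a client is placed in the first view whose
// match-clients list contains its source address.
view "internal" {
    match-clients { "lan"; };
    recursion yes;

    // Root hints: this view resolves from the root servers and caches
    // what it learns.
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;

    // Authoritative data only. Each view keeps its own cache, and this
    // view never recurses, so names cached for LAN clients are not
    // answered from here.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};
```

Once any view is defined, every zone statement has to sit inside a view, so zones left at the top level must be moved. Run `named-checkconf` on the file before reloading.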