RE: Bind cache availability...
From: Ugo Bellavance (ugob_at_camo-route.com)
Date: 05/22/05
- Previous message: Santi Saez: "Re: Bind cache availability..."
- Maybe in reply to: Draq: "Bind cache availability..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 May 2005 10:28:47 -0400
To: <focus-linux@securityfocus.com>
John Madden wrote:
>> I'm running Woody distribution of Debian Linux on one of my servers
>> and I use it as DNS server - bind installed on it...
>> The DNS server is available to LAN users as well as to internet
>> users... For nonexistent records I use hint zone instead of
>> forwarding to my provider...this means, I use caching of records
>> from root servers...and that's the problem...records in my cache are
>> available to internet and LAN users, which I don't want for security
>> reasons...I would like them to be available only to my LAN users. Is
>> it at least possible...?
>
> Yes. Set up an acl containing your IP blocks, then set up two
> separate "view" groups and use "match-clients" to filter down the
> list of IP's that are matched into each view. For the external
> clients, set "recursion no."
>
> John
What version of bind are you running, Draq?
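
The acl/view layout suggested in the quoted reply, written out as a named.conf fragment. This is an added example, not part of the original thread; it assumes BIND 9 (views do not exist in BIND 8), and the 192.168.1.0/24 block, the example.com zone and the Debian-style file paths are placeholders.

```conf
// Added example: addresses, zone name and file paths are constructed placeholders.
acl "lan" {
    127.0.0.0/8;
    192.168.1.0/24;        // assumed LAN block, replace with your own
};

options {
    directory "/var/cache/bind";
};

// Views are tried in order and the first match wins, so the
// restricted "lan" view must come before the catch-all one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;         // LAN clients may resolve through the cache

    zone "." {
        type hint;         // root hints, as the original poster uses
        file "/etc/bind/db.root";
    };

    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;          // Internet clients get authoritative data only

    // Each view keeps its own cache, so nothing resolved for the
    // "internal" view is served from here.
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
    };
};
```

Once any view is defined, every zone statement has to live inside a view, so zones that both audiences need are declared in both. Running named-checkconf against the file before reloading catches a zone left outside a view.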