[Fedora] Re: bind lame servers

David G. Miller dave at davenjudy.org
Fri May 25 06:29:06 UTC 2007


Jason L Tibbitts III <tibbs at math.uh.edu> wrote:

> "DGM" == David G Miller <dave at davenjudy.org> writes:
>
> DGM> The allow-query clause means that anyone outside of my network
> DGM> gets a query refused.
>
> Of course, this is not terribly useful if you are actually serving
> zones to the global DNS, but you can use "allow-recursion" in place of
> "allow-query" in that case.  It's probably the best way to do things
> unless you have another reason to set up multiple views.

Sorry.  I thought the example was clear.  The ruleset I posted only
applies to queries for my internal network (zone local.davenjudy.org).  
Queries for my external addresses hit another ruleset that allows 
queries but not updates:

zone "davenjudy.org" IN {
        type master;
        file "davenjudy.org";
        allow-query {
                any;
        };
};

That is, you can define independent rules for each zone in named.conf.  
Since the rulesets can use ACLs that allow a subnet mask, maintenance is 
pretty trivial.  Obviously, I don't want "allow-recursion" for this 
ruleset but could see where it might come in handy if I had a large 
enough network. 

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
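
An added illustration, not part of the original post: a named.conf fragment that combines the per-zone allow-query rules described above with the allow-recursion option mentioned in the quoted reply. The ACL name "internal", the subnet and the internal zone's file name are assumptions made for this example.

```conf
// Constructed example: the ACL name and subnet are placeholders.
acl internal {
        127.0.0.1;
        192.168.1.0/24;                 // assumed LAN subnet
};

options {
        // Only internal clients may use this server as a recursive
        // resolver. Authoritative answers for the zones below are
        // governed by each zone's own allow-query clause.
        allow-recursion { internal; };
};

// Internal zone: queries from addresses outside the ACL are refused.
zone "local.davenjudy.org" IN {
        type master;
        file "local.davenjudy.org";     // assumed file name
        allow-query { internal; };
};

// Public zone: anyone may query it. Dynamic updates are denied by
// default; the clause is written out here to make that explicit.
zone "davenjudy.org" IN {
        type master;
        file "davenjudy.org";
        allow-query { any; };
        allow-update { none; };
};
```

Running named-checkconf against the file catches syntax errors before named is reloaded.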



