[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

securing bind




Hey, I have a question about bind 8's params.
I have a dns server that is authoritative for quite a few domains, however
the same server is running mail services.
When I sent the no recursive lookup option within bind, mail can't be sent
since the machine can't do lookups for MX records of foreign domains.
However, when I set recursion back to on, I find that there a quite a few
nastly isps that are pointing to my box as a dns resolution tool rather
than setting up their own dns machine.
I am looking for a way that I can set my box to do recursive lookups, but
at the same time, only allow certain machines to do them. I also want my
machine to be able to answer dns queries for anyone for the domains that
it is authoritative.

So far I have

options { 
directory "/usr/local/named"; 
allow-transfer { a.b.c.d; };
recursion yes;
};

I tried:

acl self-list { x.x.x.x; }

and added:

options { 
directory "/usr/local/named"; 
allow-transfer { a.b.c.d; };
allow-query { self-list; };
recursion yes;
};

but this just prevented everyone but this machine from doing any lookups
to my server, including for domains that it should be responsible for.

-cjm


--
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.