This is a discussion on Re: security and allow-query and/or acl within the Bind Users forums, part of the DNS and Related Forums category.
> I wanted to ask about the proper use of allow-query. I read that this should
> be set up to allow queries only from local machines on my network. What are
> the pros and cons for doing that? Would this prevent my external slaves
> from being able to resolve my domain? My guess is that my external slaves
> only need to be able to perform a zone transfer? If allow-query should be
> set up to deny all queries from outside my domain, would an acl be a better
> choice than using allow-query?
>

allow-query takes an acl. You generally override the global
allow-query at the zone level.

e.g.

    acl "recursive-clients" { ... };

    options {
        ...
        allow-query { recursive-clients; };
    };

    zone "example.net" {
        type [master|slave];
        ...
        allow-query { any; };
    };

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark.Andrews@isc.org
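
The pattern from the reply above, filled in as an added example that is not part of the original post. The addresses (RFC 5737 documentation ranges), the "external-slaves" ACL name, the file paths and the allow-recursion and allow-transfer statements are assumptions added here to cover the zone-transfer part of the question.

```conf
// Constructed example: every address below is a documentation range.
acl "recursive-clients" {
    127.0.0.1;
    192.0.2.0/24;              // assumed internal network
};

acl "external-slaves" {        // hypothetical ACL name, not from the post
    198.51.100.53;
    203.0.113.53;
};

options {
    directory "/var/named";    // assumed path
    // Global default: only local clients may query or recurse through
    // this server.
    allow-query     { recursive-clients; };
    allow-recursion { recursive-clients; };
    // No zone transfers unless a zone explicitly permits them.
    allow-transfer  { none; };
};

zone "example.net" {
    type master;
    file "example.net.db";     // assumed file name
    // Zone-level override of the global allow-query: anyone may ask for
    // this zone's authoritative data. This also lets the slaves' SOA
    // refresh queries through, which are ordinary queries.
    allow-query    { any; };
    // Only the listed slaves may pull the whole zone (AXFR/IXFR).
    allow-transfer { external-slaves; };
};
```

Running named-checkconf against the file catches syntax errors and undefined ACL names before named is reloaded.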