[H-GEN] local dns only
Bruce Campbell
bc at humbug.org.au
Thu Dec 5 08:05:44 EST 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Thu, 5 Dec 2002, Douglas C wrote (twice):
> > acl internal { 127.0.0.1/8; 192.168.0.0/24; };
> > acl external { ! internal; };
> >
> > options {
> > ...
> > allow-query { internal; };
Note that you can quite nicely shoot yourself in the foot here, if your
nameserver is also authoritative for a particular zone which should be
visible from the outside of your network.
Hence, in that instance, you don't want to apply a restriction to
allow-query, but you would want to keep the restrictions on:
> > allow-transfer { internal; }; // who can be given zone transfers
> > allow-recursion { internal; }; // who gets full DNS lookups
> > };
--==--
Bruce.
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list