On my RHEL5 box the way I insured neither cache lookups nor recursive
lookups would work for outsiders was modify named conf to have:
1) options section:
allow-query { internaldns; externaldns; };
allow-recursion { internaldns; externaldns; };
2) Create ACLs named internaldns and externaldns which specified IPs or
ranges of IPs that I wanted to allow to do recursive and cache lookups.
3) Modify each zone section to include:
allow-query { any; };
The options section is global so restricts queries (including cache) and
recursion to only the IPs defined in the ACLs. The modification of the
zone sections allows anyone (whether there in the ACLs or not) to do
queries of the zones for which we're authoritative.
Note this was on the RHEL5 patched version of 9.3.4-P1 which has also
been back ported to have the new exploit port randomization fix. I
believe it would work for the version you noted as well.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Peter Laws
Sent: Wednesday, July 30, 2008 12:44 PM
To: Jeremy C. Reed
Cc: bind-users@isc.org
Subject: Re: Preventing recursion ... (preventing confusion?)
Jeremy C. Reed wrote:
> With older versions, a workaround is to have a default allow-query for
> just your local networks (like your allow-recursion) in the options
and
> then open up allow-query { any; }; just within your specific zone
> statements.
Clearly, RH hasn't back-ported that feature.
The work-around gives the desired e-finger.
Many thanks!
--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
[EMAIL PROTECTED]
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, [EMAIL PROTECTED] Thank you!
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential
information and is for the sole use of the intended recipient(s). If you are
not the intended recipient, any disclosure, copying, distribution, or use of
the contents of this information is prohibited and may be unlawful. If you have
received this electronic transmission in error, please reply immediately to the
sender that you have received the message in error, and delete it. Thank you.
----------------------------------
