The default for allow query is local host local nets. Basically the server
itself and directly connected networks
On Sep 29, 2014 8:03 PM, "Bill Christensen" <billc_li...@greenbuilder.com>
wrote:
> Hi folks,
>
> Something got sideways on one of my DNS servers, and I would appreciate
> some help in figuring out what's going on.
>
> I'm running BIND 9.10.1. This server is authoritative master for a number
> of domains.
>
> First off, I may have the allow-query set incorrectly. Currently I have:
>
> acl query-permit {
> (range of IP address on the local LAN which are allowed to use this
> server as their query server)
> };
>
> acl recursive-permit {
> (range of IP address on the local LAN which are allowed to use this
> server for recursive queries)
> };
>
> acl transfer-permit {
> (IP addresses of a couple other name servers allowed to do transfers
> with this one)
> };
>
> and at the beginning of the options section:
>
> allow-recursion { recursive-permit; };
> allow-transfer { transfer-permit; };
> // allow-query { query-permit; };
>
> Allow-query is commented out, which I assume will allow anyone to query
> this server for the domains for which it has master or slave records, but
> does not allow the general public to do recursive queries or queries on
> domains not hosted here.
>
> Let me know if I've got that right, or how to correct it if I don't.
>
> If this part is correct I'll continue the questioning.
>
> Thanks!
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
