Bob McDonald <bmcdonal...@gmail.com> wrote:
> To further lock this information down I would suggest adding the
> following view statements to any internet facing DNS device configuration:
>
> view "outsiders" chaos {
>     match-clients { !127.0.0.1; !your-inside--nets; any; };
>     allow-query { none; };
>     # we need a zone within a view and Bind complains on startup if there is no
>     # hint file in classes other than internet. (it is provided with the
>     # software for the internet class)
>     zone "." chaos {
>         type hint;
>         file "/dev/null"; // or any empty file
>     };
> };

Another way is to use BIND's syntax for explicitly configuring the special
server information zones, like below. This view handles all queries for the
chaos class, and rejects queries from nonlocal clients.

    view bind chaos {
        recursion no;
        allow-query { localhost; localnets; };
        zone authors.bind ch {
            type master;
            database "_builtin authors";
        };
        zone hostname.bind ch {
            type master;
            database "_builtin hostname";
        };
        zone version.bind ch {
            type master;
            database "_builtin version";
        };
        zone id.server ch {
            type master;
            database "_builtin id";
        };
    };

Tony.
--
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
moderate, but rough in southwest Viking. Showers later. Good, occasionally
poor later.
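A way to check that either view above has the intended effect on a server you operate, as an added example that is not part of the original thread: it builds the `version.bind` CH TXT query and classifies the reply. The function names (`build_query`, `classify`, `probe`) and the sample replies are constructed for illustration, and the check assumes a query denied by `allow-query` is answered with rcode REFUSED.

```python
import socket
import struct

CH, TXT, REFUSED = 3, 16, 5   # DNS class CHAOS, type TXT, rcode REFUSED

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234):
    # Header: id, flags=0 (plain query, RD clear), one question, no other records.
    return (struct.pack("!6H", qid, 0, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!2H", TXT, CH))

def skip_name(msg, off):
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # compression pointer: 2 bytes, root label: 1

def classify(msg):
    """Return (verdict, txt_strings) for a reply to a CH TXT query."""
    _, flags, qd, an = struct.unpack("!4H", msg[:8])
    off, texts = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4                 # skip qtype + qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == TXT and rclass == CH and rdata:
            n = rdata[0]                              # length-prefixed TXT string
            texts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    if texts:
        return "disclosed", texts
    return ("refused" if (flags & 0xF) == REFUSED else "no-data"), texts

def probe(server, name="version.bind", timeout=3.0):
    """Query a server you operate and classify the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(4096))

# Constructed sample replies (not captured traffic): same question, two outcomes.
QUESTION = encode_name("version.bind") + struct.pack("!2H", TXT, CH)
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8005, 1, 0, 0, 0) + QUESTION
SAMPLE_OPEN = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + QUESTION
               + b"\xc0\x0c" + struct.pack("!2HIH", TXT, CH, 0, 8) + b"\x07example")
```

Run `probe()` once from an outside address and once from a local one: with the views above, the outside result should be `refused` for `version.bind`, `hostname.bind`, `authors.bind` and `id.server` alike.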