Re: Allowing recursion for just specific zones

2010-05-12 Thread Chris Buxton
Close. I mean a properly-configured instance of squid, or a SOCKS proxy, or whatever other non-DNS, application level proxy you want to provide. Just configure your kiosks to use them. Then the kiosks themselves don't need DNS resolution at all.

Chris Buxton
BlueCat Networks

On 5/12/10, Brian Can

Re: Allowing recursion for just specific zones

2010-05-12 Thread Brian Candler
> Or else set up secure proxies and disallow all DNS resolution (an
> empty root zone).

I'm not sure what you mean by "secure proxies". Do you mean some non-BIND software capable of forwarding and filtering DNS queries/responses? If so, do you have anything particular in mind?

Thanks,
Brian.

Re: Allowing recursion for just specific zones

2010-05-11 Thread Chris Buxton
Yes, of course. I've made that mistake before, in fact.

Use a custom root zone, as I believe you originally mentioned, with delegations to just the zones that should be reachable. Or else set up secure proxies and disallow all DNS resolution (an empty root zone).

Chris Buxton
BlueCat Networks

O

Re: Allowing recursion for just specific zones

2010-05-11 Thread Brian Candler
On Mon, May 10, 2010 at 11:54:57AM -0700, Chris Buxton wrote:
> One strategy would be to set up a view that matches recursive queries
> only. Set allow-query to none at the view, then set it any (or
> whatever) in each zone of type forward or stub.

Thank you Chris. Unfortunately, allow-query is r

Re: Allowing recursion for just specific zones

2010-05-10 Thread Chris Buxton
Recursion is enabled/allowed at the view level, not the zone level. One strategy would be to set up a view that matches recursive queries only. Set allow-query to none at the view, then set it any (or whatever) in each zone of type forward or stub. Or if you want to use your root zone idea, make