Hardening named.conf
I've finally been annoyed enough by spammer hits on
my DNS that I've pulled out the BOG for the first time
in several years.
What I'd like to accomplish is the following:
* allow-query for a specific list of addresses
to use the server for their dns resolution.
* allow-query to the universe for zones
(domains and subdomains) that are hosted
as primary or secondary on the server but
drop all other requests.
* I already limit zone xfr's to specific
machines.
I'm not clear on how to do the first and second without
them interfering with each other although I'm sure
it can be done.
I am leaning towards an options allow-query with a
an access list and adding allow-query to each zone
to allow-query all if I can figure out how to do that.
If some kind soul knows off the top of their head, it
would save me the better part of an evening and perhaps
wee hours of the morning.
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
Reply to: