
Re: Hardening named.conf



Dale Amon said on Wed, Jan 28, 2004 at 10:11:16PM +0000:
> I've finally been annoyed enough by spammer hits on
> my DNS that I've pulled out the BOG for the first time
> in several years.
> 
> What I'd like to accomplish is the following:
> 
> 	* allow-query for a specific list of addresses
> 	  to use the server for their dns resolution.
>
> 	* allow-query to the universe for zones
> 	  (domains and subdomains) that are hosted 
> 	  as primary or secondary on the server but 
> 	  drop all other requests.
 
Both of the above are handled by the allow-recursion restriction.

i.e.:

acl mydomain {
	192.168.0.0/24;
	10.1.1.0/24;
};

options {
	allow-recursion {
		mydomain;
	};
};

This allows hosts in the mydomain acl to make recursive DNS queries, and blocks
recursion for everyone else.  Recursion is what allows BIND to respond to
requests for zones it's not actually hosting.

M
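
Added example (not part of the original message, and not BIND's own code): a Python check that resolves the allow-recursion list from the snippet above through its acl and reports whether a given client address would be granted recursion. The function names are hypothetical, and the parser assumes only IP/prefix elements, acl names, "any" and "none" (no negation, keys, localhost or localnets).

```python
import ipaddress
import re

# Constructed sample input: the acl/options snippet from the message above.
NAMED_CONF = """
acl mydomain { 192.168.0.0/24; 10.1.1.0/24; };
options { allow-recursion { mydomain; }; };
"""

def tokenize(text):
    """Drop /* */, // and # comments, then split into words and { } ; tokens."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    return re.findall(r"[{};]|[^\s{};]+", text)

def block(tokens, start):
    """Elements between the '{' at tokens[start] and its matching '}'."""
    depth, out = 0, []
    for tok in tokens[start:]:
        depth += (tok == "{") - (tok == "}")
        if depth == 0:
            return out
        if tok not in ("{", "}", ";"):
            out.append(tok)
    raise ValueError("unbalanced braces")

def recursion_networks(conf):
    """Networks named by the first allow-recursion statement, acl names expanded."""
    toks = tokenize(conf)
    acls = {toks[i + 1].strip('"'): block(toks, i + 2)
            for i, t in enumerate(toks) if t == "acl"}
    if "allow-recursion" not in toks:
        return None  # unset: the effective default depends on the BIND version
    nets, todo = [], block(toks, toks.index("allow-recursion") + 1)
    while todo:
        item = todo.pop(0).strip('"')
        if item in acls:
            todo = acls[item] + todo          # expand a named acl in place
        elif item == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif item != "none":
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def may_recurse(client, conf=NAMED_CONF):
    """True/False if allow-recursion decides it, None if the statement is absent."""
    nets = recursion_networks(conf)
    if nets is None:
        return None
    addr = ipaddress.ip_address(client)
    return any(addr.version == n.version and addr in n for n in nets)
```

Running it against a candidate named.conf before reloading the server shows whether an outside address (for instance a documentation-range one such as 203.0.113.9) would still be allowed recursion.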
