Jason L Tibbitts III <tibbs@xxxxxxxxxxx> wrote:
> "DGM" == David G Miller <dave@xxxxxxxxxxxxx> writes:
>
> DGM> The allow-query clause means that anyone outside of my network
> DGM> gets a query refused.
>
> Of course, this is not terribly useful if you are actually serving
> zones to the global DNS, but you can use "allow-recursion" in place of
> "allow-query" in that case. It's probably the best way to do things
> unless you have another reason to set up multiple views.

Sorry. I thought the example was clear. The ruleset I posted only
applies to queries for my internal network (zone local.davenjudy.org).
Queries for my external addresses hit another ruleset that allows
queries but not updates:

zone "davenjudy.org" IN {
        type master;
        file "davenjudy.org";
        allow-query {
                any;
        };
};

That is, you can define independent rules for each zone in named.conf.
Since the rulesets can use ACLs that allow a subnet mask, maintenance is
pretty trivial. Obviously, I don't want "allow-recursion" for this
ruleset but could see where it might come in handy if I had a large
enough network.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
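
Added example, not part of either poster's message: a small Python audit that reads a named.conf and reports who may recurse and who may query each zone, combining the per-zone allow-query rules with the allow-recursion suggestion from the thread. The sample config is constructed; the ACL name "internal", the 192.168.1.0/24 subnet and the internal zone's file name are assumptions, and zones inside view blocks are not handled.

```python
import re
# Constructed sample named.conf: ACL name, subnet and the internal zone's file
# name are assumptions; the davenjudy.org zone is the one shown in the post.
SAMPLE = '''
acl "internal" { 127.0.0.1; 192.168.1.0/24; };
options { allow-recursion { "internal"; }; };
zone "local.davenjudy.org" IN { type master; file "local.davenjudy.org"; allow-query { "internal"; }; };
zone "davenjudy.org" IN { type master; file "davenjudy.org"; allow-query { any; }; };
'''

def tokens(text):
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', text, flags=re.S)  # drop comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse(toks, i=0):
    """Return (statements, next index); a statement is a list of words and nested blocks."""
    stmts, cur = [], []
    while i < len(toks):
        t, i = toks[i], i + 1
        if t == '{':
            block, i = parse(toks, i)
            cur.append(block)
        elif t == '}':
            return stmts, i
        elif t == ';':
            stmts += [cur] if cur else []
            cur = []
        else:
            cur.append(t.strip('"'))
    return stmts, i

def amlist(block, name):
    """Elements of the address match list of clause `name`; None if the clause is absent."""
    for s in block:
        if s[0] == name and isinstance(s[-1], list):
            return [e[0] for e in s[-1]]

def audit(text):
    """Zone-level allow-query overrides options; with neither set, BIND answers anyone."""
    conf, _ = parse(tokens(text))
    acls = {s[1]: [e[0] for e in s[2]] for s in conf if s[0] == 'acl'}
    expand = lambda names: [x for n in names for x in acls.get(n, [n])]
    opts = next((s[-1] for s in conf if s[0] == 'options'), [])
    rec, glob = amlist(opts, 'allow-recursion'), amlist(opts, 'allow-query')
    zones = {}
    for s in (s for s in conf if s[0] == 'zone'):
        q = amlist(s[-1], 'allow-query')
        zones[s[1]] = expand(q if q is not None else glob if glob is not None else ['any'])
    return {'recursion': None if rec is None else expand(rec), 'zones': zones}
```

A `recursion` value of `None` means no allow-recursion clause was found, so BIND's built-in default applies, and that default differs between BIND versions.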