How do I restrict queries to internal hosts?
> Hope you can help....
I hope so, too.
> We have a Class C in our office with a number of workstations, a webserver
> hosting multiple domains, an email server and 2 DNS servers.
>
> With our primary DNS Server I have noticed that its bandwidth has spiked
> from maybe 2 megs of traffic to 200 per hour and have traced the activity to
> the DNS service itself. It looks like IPs outside of our Class C are connecting
> to our DNS server and resolving addresses at an alarming rate. This is
> happening a couple of times a week.
>
> My question is, is there a way to set up a DNS server so that it answers
> requests ONLY for domains within our IP range AND still resolve external
> domain names for our workstations, web servers and mail servers?
Yes, absolutely.
The easiest way to set this up is to use the allow-recursion substatement
introduced in BIND 8.2.1. This lets you limit recursive queries to your
internal IP addresses. For example:

    acl internal { 192.168.0/24; };

    options {
        allow-recursion { internal; };
    };

For a more complete example, see slide 28 of this presentation:
http://www.linuxsecurity.com/resource_files/server_security/securing_an_internet_name_server.pdf
cricket
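
One way to see from query logs which outside clients are using the server as a recursive resolver, which is the traffic allow-recursion cuts off. This is an added example, not part of the original reply: it assumes BIND 9 style query-log lines, and the zone name example.com and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Same range as the "internal" acl above, written out in full CIDR form.
INTERNAL = ipaddress.ip_network("192.168.0.0/24")
# Hypothetical zones this server is authoritative for.
LOCAL_ZONES = ("example.com",)

# Assumed BIND 9 style query-log line; "+" after the type means RD was set.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
    r"(?P<name>\S+) \S+ \S+ (?P<rd>[+-])"
)

def in_local_zone(name):
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)

def external_recursion(lines):
    """Count recursion-desired queries for foreign names, per external client."""
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line
        client = ipaddress.ip_address(m.group("ip"))
        if client in INTERNAL:
            continue  # allowed by allow-recursion { internal; }
        if m.group("rd") == "+" and not in_local_zone(m.group("name")):
            hits[str(client)] += 1
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "client 192.168.0.17#40112: query: www.example.org IN A +",
    "client 203.0.113.9#5353: query: www.example.net IN A +",
    "client 203.0.113.9#5354: query: mail.example.net IN MX +",
    "client 198.51.100.4#33001: query: www.example.com IN A -",
    "client 198.51.100.8#33002: query: www.example.com IN A +",
    "client 198.51.100.20#41000: query: host.example.org IN AAAA +",
]

if __name__ == "__main__":
    for ip, n in external_recursion(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} recursive queries for names outside local zones")
```

Queries from outside for names in the server's own zones are not counted, since those still need to be answered after recursion is restricted.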
