not just iptables, you can do it in bind9
in your named.conf.options:
acl allowedclients {
    10.20.20.0/24;
    localhost;
    localnets;
};
put your different netblocks in there, 10.20.20.0/24 is an example
then further down in the same file, this is an example from my ns1
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    recursion yes;
    notify yes;
    // only the sources listed in the allowedclients acl may query this server
    allow-query { allowedclients; };
    // zone transfers go to the secondary only (placeholder address)
    allow-transfer { ip.address.of.my.ns2; };
};

On Thu, Oct 2, 2014 at 10:27 AM, Sean Heskett via Af <[email protected]> wrote:
> BIND is your friend.
>
> I'd also set iptables to only allow queries from your network.
>
>
>
> On Thu, Oct 2, 2014 at 11:20 AM, That One Guy via Af <[email protected]> wrote:
>
>> Is there a good, simple package for locally hosted DNS Servers for people
>> like me who don't want to get too far into managing the Linux at a granular
>> level? We are used to the webmin interface. It would be nice if it had the
>> option to set up client accounts for some clients to manage their own DNS
>> but not view others, but that's in no way a deal breaker
>>
>> --
>> All parts should go together without forcing. You must remember that the
>> parts you are reassembling were disassembled by you. Therefore, if you
>> can't get them together again, there must be a reason. By all means, do not
>> use a hammer. -- IBM maintenance manual, 1925
>>
>
>
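
A way to check that the allowedclients ACL and the iptables rule discussed in this thread are doing their job, as an added example that is not part of the original messages (the function names, the default query name and the sample packets are assumptions made here). Run it against your own server from a host outside the ACL: BIND answers a query denied by allow-query with REFUSED, while a firewall drop shows up as no reply at all.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Return a DNS A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(packet, qid=0x1234):
    """Map a DNS response to 'refused', 'answered', 'invalid' or 'other:<rcode>'."""
    if len(packet) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID, or not a response (QR=0)
        return "invalid"
    rcode = flags & 0x000F
    if rcode == 5:                            # REFUSED: the ACL rejected this source
        return "refused"
    if rcode == 0 and ancount > 0:            # NOERROR with data: this source is allowed
        return "answered"
    return "other:%d" % rcode

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to `server`; 'no-response' usually means a firewall drop."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify(data)

# Constructed sample responses (not captured traffic), both for example.com A/IN.
_QUESTION = build_query("example.com")[12:]
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION
SAMPLE_ANSWERED = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
                   + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    # With a server address: live check. Without one: classify the constructed sample.
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_REFUSED))
```

From a host inside one of the ACL's netblocks the same run should print `answered`; `answered` from an outside host means the restriction is not in effect.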