The syntax for a forward zone is:

zone domain_name [ ( in | hs | hesiod | chaos ) ] {
    type forward;
    [ forward ( only | first ); ]
    [ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ]
    [ check-names ( warn | fail | ignore ); ]
};


For the kind of access control you're trying to achieve, use a "view". The syntax is as follows.
view view_name [class] {
    match-clients { address_match_list };
    match-destinations { address_match_list };
    match-recursive-only yes_or_no ;
    [ view_option; ...]
    [ zone_statement; ...]
};

Do some perusing of the Administrator's Reference Manual (ARM). You might find the information in there quite useful.

Regards,
Richard

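The following named.conf fragment is an added example, not configuration from anyone in this thread. It applies the view approach described above to the forward zone from the original post, reusing that post's ACL name, network and forwarder addresses (1.2.3.4 and 5.6.7.8); the view names, the directory and the hints file name are assumptions.

```conf
// Added example: restrict a forward zone to a client range with a view.
// Names and addresses from the original post; everything else is assumed.

acl "Internal" { 10.0.1.0/24; };

options {
    directory "/var/named";   // assumed working directory
    recursion yes;
};

// Only clients matching the Internal ACL are served from this view,
// so only they can reach the forward zone inside it.
view "internal" {
    match-clients { "Internal"; };
    match-recursive-only no;
    recursion yes;

    zone "10.in-addr.arpa" in {
        type forward;
        forward only;
        forwarders { 1.2.3.4; 5.6.7.8; };
    };

    // Once any view is defined, every zone (root hints included)
    // must be declared inside a view.
    zone "." in {
        type hint;
        file "named.ca";   // assumed hints file
    };
};

// Catch-all for every other client: no recursion and no forward zone,
// so queries for 10.in-addr.arpa from outside 10.0.1.0/24 are refused
// instead of being forwarded to the internal servers.
view "external" {
    match-clients { any; };
    recursion no;
};
```

Check the file with named-checkconf before reloading, then confirm the behaviour from both sides of the boundary: a PTR query for a 10.x address from a host inside 10.0.1.0/24 should be forwarded and answered, while the same query from any other address should come back REFUSED. Keeping the catch-all view explicit also avoids the surprise where a later zone added to named.conf lands outside every view and fails to load.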
Prabhat Rana wrote:
Hi Nuno,
Thanks for the response. However, I don't own the authoritative servers. And 
the clients that I am serving don't have direct access to the authoritative 
servers.

Prabhat.

--- On Mon, 7/12/10, Nuno Paquete <nunopaqu...@lusocargo.pt> wrote:

From: Nuno Paquete <nunopaqu...@lusocargo.pt>
Subject: Re: ACL for forward zone
To: "Prabhat Rana" <prana9...@yahoo.com>
Cc: bind-users@lists.isc.org
Date: Monday, July 12, 2010, 4:17 PM
Hi Prabhat,

I think you don't need this ACL in your forwarder server,
define it on the authoritative server (1.2.3.4 and 5.6.7.8, according to your example).

Regards,
Nuno Paquete

On 2010/07/12, at 19:27, "Prabhat Rana" <prana9...@yahoo.com> wrote:

Hello all,
I have BIND 9.7.1 installed in Solaris 10. I need to use a forwarder for a certain internal private IP zone to certain internal DNS servers. In the meantime I need to use a certain ACL so that it would forward the queries and reply to them only from certain IP address clients. So I used the following configs in named.conf:

acl "Internal" { 10.0.1.0/24; };


zone "10.in-addr.arpa" in {
        type forward;
        forwarders { 1.2.3.4; 5.6.7.8; };
        allow-query { "Internal"; };
};
However, it appears I can't use the 'allow-query' option in a forward zone, as seen in the syslog:

/etc/named.conf:102: option 'allow-query' is not allowed in 'forward' zone '10.in-addr.arpa'

Basically you know what I'm trying to achieve. So if anyone has any tip on how I can use forward from the clients only within a certain IP address range, that would be great.

Prabhat.




_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




