On 26.10.18 00:12, Frédéric Lochon wrote:
I'm new to this list, but I use BIND for quite some time.
I have a machine running BIND which is authoritative for some domains
I own and is the nameserver for my home network.
Thus:
- BIND answers to any query from my home network
- BIND answers to queries from the whole planet Earth for the domains I own
This is because:
- in "options", I have (among others) allow-query { trusted; };
- in each domain zone I have allow-query { any; };
Today, I just set-up a new zone of type "forward" but I have trouble
to make it work properly:
- my home network is allowed to send queries because it is "trusted"
- nobody from outside my home network is allowed to send queries
because it is not "trusted"
As you can't have "allow-query" in a zone of type "forward", I don't
find any nice solution.
You can and you also need to add allow-query for it. However, since forward
zone is not stored locally, all requests for it are fowarded, so you must
allow recursion for the zone, if you want to allow everyone to use it.
Now I have a question, why do you want people from outside to access forward
zone? can't you slave it instead?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
