Dear list,
I have one client with a specific zone. When the client does a query for
localhost on the nameserver, or a reverse lookup for 127.0.0.1,
everything seems perfectly okay. As soon, as the client tries to lookup
i.e. google.de or any external ip, I am getting query refused errors.
I got it fixxed with an allow-query statement.
But this arises another question: Does bind implicitly add allow-queries
for locally attached interfaces and the networks configured for these?
I am asking, because it used to work for all the subnets directly
attached to the machine.
Regards
Hi Markus,
check the dhcpd.log for the following messages:
I.e.
adding:
Sep 30 15:13:06 ns1 dhcpd: Added new forward map from
172-17-111-249.example.net to 172.17.111.2
49
Sep 30 15:13:06 ns1 dhcpd: added reverse map from
249.111.17.172.in-addr.arpa. to 172-17-111-249.
example.net
removing:
Dear list,
This seems more tricky, then I thought.
When I had no allow-query statement at all in my config, everything
worked find (includign recursion) for all clients, that were in subnets
directly attached to the server. The external view (authoriative, non
recursive) did work for every
On Sep 30 2009, Mark Andrews wrote:
In message prayer.1.3.2.0909291446310.21...@hermes-1.csi.cam.ac.uk,
Chris Thompson writes:
DNSSEC certainly adds to the aggravation of having lots of piddling little
reverse zones. Some people may just decide not to bother signing reverse
zones (reverse
From: Apisa, Kathy (US - MABS)
Sent: Wednesday, September 30, 2009 10:23 AM
To: 'bind-users@lists.isc.org'
Subject: Blocking top level domain
Greetings everyone
I would like to know how to implement the blocking of a top level domain
in Bind 9
For
Define block.
Return query refused?
Return name does not exist?
Return a wildcard entry pointing to a helpful web page, explaining why
you don't like Chinese domains?
Whatever you're trying to do, it's probably better done in a proxy, than
in DNS.
Hi, Kathy -
Put a firewall in front of your DNS server.
:-)
Cheers,
--Trey
From: Apisa, Kathy (US - MABS)
Sent: Wednesday, September 30, 2009 10:23 AM
To: 'bind-users@lists.isc.org'
Subject: Blocking top level domain
Greetings everyone
I would
Easiest way would probably be to load the .cn domain and just not put
anything in it.
On Wed, Sep 30, 2009 at 11:12 AM, Apisa, Kathy (US - MABS)
kathy.ap...@meggitt.com wrote:
--
*From:* Apisa, Kathy (US - MABS)
*Sent:* Wednesday, September 30, 2009 10:23 AM
Hello,
I have what seems to be a very basic question that I have been unable to find
an answer for. What determines the settings of the file permissions (and how
can I change those default settings) on zone files created during a zone
transfer, BIND or the OS (Solaris)?
thanks - jw
Is it possible to restrict user machines to only be able to update
their 'A' records on a specific subnet? We would like to allow DDNS
but restrict it to specific subnets and only allow the machines to
update their 'A' records. Allow-updates will not get us the record
restrictions we would
Have you read the documentation that describes what allow-query does?
varlistentry
termcommandallow-query/command/term
listitem
para
Specifies which hosts are allowed to ask ordinary
DNS questions.
In message blu143-w25839d996784c2e16bdb91a2...@phx.gbl, Jim Williams writes:
Hello=2C
=20
I have what seems to be a very basic question that I have been unable to fi=
nd an answer for. What determines the settings of the file permissions (and=
how can I change those default settings) on
On Wed, Sep 30, 2009 at 01:12:17PM -0400, Jim Williams wrote:
...
I have what seems to be a very basic question that I have been unable to find
an answer for. What determines the settings of the file permissions (and how
can I change those default settings) on zone files created during a zone
14 matches
Mail list logo
