Hi,
I am a BIND noob and am attempting to set up a DNS server that will only respond to requests for certain domains.
For example, it should be allowed to get to foo.org but NOT microsoft.com, pepsi.com, etc.
I assume the easiest way to get this done is to set up foo.org to be forwarded to its actual DNS server and then remove the root hints and disable forwarders.
From everything I've read on BIND, it seems like this *should* be doable, but perhaps I'm wrong.
My problem is that in order for the server to actually forward the request, I have to have recursion on globally. This means that my server will also respond to pepsi.com.
If I have recursion turned off, the query gets refused by my DNS server...
Am I going about this all wrong? Is there any way to do this?
Here is my named.conf file:
Code:
options {
    directory "/etc/namedb";            // Working directory
    recursion no;                       // Disable recursive lookups against our server
    pid-file "/var/run/named.pid";      // Put pid file in working dir
    statistics-file "/var/run/named.stats";
    version "Bind 10";
    dnssec-enable no;
    allow-query { any; };
};

// rndc key, included before the controls block that references it
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };   // loopback only; no "any"
};

// Root server hints: none configured

// Provide a reverse mapping for the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
    notify no;
};

// foo.org is the one domain we want answered; hand it to its real server
zone "foo.org" {
    type forward;
    forward only;                       // never fall back to normal resolution
    forwarders {
        xxx.xxx.xxx.xxx;
    };
};
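One way to get the behaviour the post is after, as an added example that is not part of the original post or any reply to it: leave recursion on, because a forward zone is only consulted for recursive lookups, but make this server itself authoritative for an empty root zone. Every name that is not under a more specific zone (here, foo.org) then gets NXDOMAIN from the local "." zone instead of being resolved, so the server never goes out to the root for pepsi.com. Simply deleting the hints zone is not enough on its own: when no hint zone is configured, BIND falls back to a compiled-in set of root server hints. The client range 192.0.2.0/24 and the zone file name db.empty-root are assumptions made for this example; xxx.xxx.xxx.xxx stands for the foo.org server's address exactly as in the post.

```conf
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";

    // Recursion must be on, or the forward zone below is never used
    // (a non-recursive server answers REFUSED for anything it is not
    // authoritative for). Limit who may use it instead of turning it off.
    recursion yes;
    allow-recursion { 192.0.2.0/24; };   // assumption: our client network
    allow-query     { 192.0.2.0/24; };

    // No global forwarders: only the per-zone forwarders below are used.
};

// Locally authoritative, empty root zone. Because this server "owns" ".",
// a query for pepsi.com (or any other name with no more specific zone)
// is answered NXDOMAIN here and is never sent to the real root servers.
// db.empty-root is an assumed file name: it needs just one SOA record
// for "." and one NS record for "." pointing at localhost.
zone "." {
    type master;
    file "db.empty-root";
    notify no;
};

// The one domain we do want resolved. This zone is more specific than
// "." above, so names under foo.org match here first and are forwarded.
zone "foo.org" {
    type forward;
    forward only;                        // never try to resolve it ourselves
    forwarders {
        xxx.xxx.xxx.xxx;                 // the real foo.org server, from the post
    };
};
```

After an `rndc reload`, `dig @127.0.0.1 www.foo.org` from a host in the allowed range should return whatever the forwarder says, while `dig @127.0.0.1 pepsi.com` should come back `NXDOMAIN` with the `aa` flag set, and a packet capture on the server should show no traffic to the root servers. The same trick also blocks reverse lookups and everything else outside foo.org, which is the intended effect; add further `type forward` zones for any other domains that should be reachable.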