LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 03-11-2005, 09:59 PM   #1
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Rep: Reputation: 15
Securing DNS Server


Is there anyway for me to secure my DNS server so that only my internal users can use it to query all the DNS records out on the Internet and my network but only answer DNS queries regarding my domain for external users?

Example:

Let's say I have a DNS server, DNS1 and an internal user named Anne. There's also an external user named Bob.

Anne queries DNS1 for www.google.com and www.mydomain.com. I want DNS1 to answer them for Anne. When Bob queries DNS1 for www.mydomain.com, I want DNS1 to answer it. However, if Bob queries DNS1 for www.google.com, I want DNS1 to not answer it.'

Thanks.
 
Old 03-12-2005, 09:43 AM   #2
pazvant
Member
 
Registered: Jul 2003
Location: Istanbul
Distribution: slack
Posts: 43

Rep: Reputation: 15
Hi,

its possible to do it .If you use bind give access to internal IP address for dNS 1 and the forbid internal quaries for DNS2 ..
 
Old 03-12-2005, 06:34 PM   #3
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Original Poster
Rep: Reputation: 15
What if I only have one server?
 
Old 03-13-2005, 01:49 AM   #4
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
there are acls in bind which can be implemented to ensure

1.only specific hosts can query

2.only specific dns servers can update from dns server. (like only slave dns servers will be allowed to update themselves)

acl "office" {
192.168.0.0/24;
192.168.100.0/24;
};

acl "secondary" {
192.168.0.10/32;
};

allow-query { office; };
allow-update { secondary; };
allow-transfer { "secondary"; };

Last edited by newpenguin; 03-13-2005 at 02:18 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing new samba server Hans Zilles Linux - Security 1 11-08-2005 07:40 PM
securing vnc server on RH juanb Linux - General 2 09-08-2005 08:31 AM
Securing Server brentos Linux - Security 4 06-08-2004 11:57 AM
Securing DNS hookooekoo Linux - Networking 1 12-26-2003 05:03 AM
securing a redhat 6.1 server JustinHoMi Linux - Security 4 07-19-2002 02:50 AM


All times are GMT -5. The time now is 09:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration