LinuxQuestions.org
Old 09-20-2006, 07:59 AM   #1
broadcast
LQ Newbie
 
Registered: Aug 2006
Posts: 11

Rep: Reputation: 0
Securing BIND queries


Hello,
I was wondering if someone can tell me how I can deny querying from those outside our network range, yet other DNS servers can still query for our hosted domains.
I am using BIND 9.3.2

Thank you
 
Old 09-21-2006, 06:36 PM   #2
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 622

Rep: Reputation: 30
Hey

Try this website, in which you will find a section about how to limit queries from certain hosts. See the options below.

http://www-uxsup.csx.cam.ac.uk/pub/d...dns.named.html

allow-query { 127.0.0.1; net; };

Defines the networks from which clients can post DNS requests. Replace net with address information like 192.168.1/24. The /24 at the end is an abbreviated expression for the netmask, in this case, 255.255.255.0.

allow-transfer ! *;;

Controls which hosts can request zone transfers. In the example, such requests are completely denied with ! *. Without this entry, zone transfers can be requested from anywhere without restrictions.

Cheers
Tony
 
Old 09-22-2006, 09:21 AM   #3
broadcast
LQ Newbie
 
Registered: Aug 2006
Posts: 11

Original Poster
Rep: Reputation: 0
Hello,
Thanks Tony
I can't limit the query to our NETS only because outside DNS servers will not be able to query and get authoritative replies about the zones we host.

I have tried that
 
Old 09-22-2006, 09:18 PM   #4
randyding
Member
 
Registered: May 2004
Posts: 552

Rep: Reputation: 31
I think you are trying to stop what's called "recursion".
If recursion is disabled for the external view, then they can not use your DNS server to query hosts outside your zone.
Which brings me to suggest you should try using two views. One view for internal clients and one view for external clients. The keyword in the named.conf is
Code:
view "internal" IN {
    // Clients in the my_private_nets ACL get recursive service
    match-clients { my_private_nets; };
    recursion yes;
    ...
};
view "external" IN {
    // Everyone else: no recursion
    match-clients { any; };
    recursion no;
    ...
};
Make sure the internal view is first and external view is second.
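
The two-view layout from the reply above, written out as a full named.conf sketch. This is an added example, not part of the original posts; the zone name example.com, the file names, the /var/named directory and the 192.168.1.0/24 range are placeholder assumptions, and my_private_nets is the ACL name used in the reply.

```conf
// Constructed example: names, paths and address ranges are placeholders.
acl "my_private_nets" {
    127.0.0.1;
    192.168.1.0/24;            // assumed internal range
};

options {
    directory "/var/named";    // assumed zone-file directory
    allow-transfer { none; };  // deny zone transfers unless a zone overrides this
};

// Views are tested in order; the first whose match-clients matches is used,
// so the narrower "internal" view has to come before the catch-all one.
view "internal" IN {
    match-clients { my_private_nets; };
    recursion yes;             // internal clients may resolve any name

    zone "." IN {              // root hints, used for recursion
        type hint;
        file "named.ca";
    };
    zone "example.com" IN {    // hosted zone (placeholder name)
        type master;
        file "example.com.zone";
    };
};

view "external" IN {
    match-clients { any; };
    recursion no;              // outside clients cannot resolve other names through this server

    // Once views are used, every zone statement must sit inside a view,
    // so the hosted zone is declared again here for outside resolvers.
    zone "example.com" IN {
        type master;
        file "example.com.zone";
    };
};
```

Running named-checkconf against the file catches syntax errors, such as a missing semicolon after a closing brace, before named is reloaded.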
 
  

