Old 09-20-2006, 07:59 AM   #1
LQ Newbie
Registered: Aug 2006
Posts: 11

Rep: Reputation: 0
Securing BIND queries

I was wondering if someone can tell me how I can deny querying from those outside our network range, yet other DNS servers can still query for our hosted domains.
I am using BIND 9.3.2.

Thank you
Old 09-21-2006, 06:36 PM   #2
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 622

Rep: Reputation: 30

Try this website, where you will find a section about how to limit queries from certain hosts. See the options below.

allow-query {; net; };

Defines the networks from which clients can post DNS requests. Replace net with address information like 192.168.1/24. The /24 at the end is an abbreviated expression for the netmask, in this case,

allow-transfer ! *;;

controls which hosts can request zone transfers. In the example, such requests are completely denied with ! *. Without this entry, zone transfers can be requested from anywhere without restrictions.

Old 09-22-2006, 09:21 AM   #3
LQ Newbie
Registered: Aug 2006
Posts: 11

Original Poster
Rep: Reputation: 0
Thanks Tony
I can't limit the query to our NETS only because outside DNS servers will not be able to query and get authoritative replies about the zones we host.

I have tried that
Old 09-22-2006, 09:18 PM   #4
Registered: May 2004
Posts: 552

Rep: Reputation: 31
I think you are trying to stop what's called "recursion".
If recursion is disabled for the external view, then they can not use your DNS server to query hosts outside your zone.
Which brings me to suggest you should try using two views. One view for internal clients and one view for external clients. The keyword in the named.conf is
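view "internal" IN {
    match-clients { my_private_nets; };  // my_private_nets: an acl defined earlier in named.conf
    recursion yes;
    // zone statements served to internal clients go here
};
view "external" IN {
    match-clients { any; };
    recursion no;
    // zone statements for the hosted domains go here
};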
Make sure the internal view is first and external view is second.
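Once the views are in place, the result can be checked from a host outside the network by running dig against the server twice: once for a name in a hosted zone and once for a name it is not authoritative for. The script below is an added example, not part of any post in this thread; its function names and the sample dig header lines are constructed for illustration.

```python
import re

# Constructed dig header lines (not captured from a real server).
HOSTED_OK = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
"""
FOREIGN_REFUSED = """;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1002
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
FOREIGN_OPEN = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""

def parse_dig_header(output):
    """Extract status, header flags and ANSWER count from dig's text output."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r";; flags: ([a-z ]*);", output)
    answer = re.search(r"ANSWER: (\d+)", output)
    if not (status and flags and answer):
        raise ValueError("no DNS header found (timeout or truncated output?)")
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "answer": int(answer.group(1))}

def audit_external_view(hosted_output, foreign_output):
    """Return the problems visible from outside; an empty list means OK.

    hosted_output:  dig output for a name in a zone the server hosts
    foreign_output: dig output for a name the server is NOT authoritative for
    """
    problems = []
    hosted = parse_dig_header(hosted_output)
    foreign = parse_dig_header(foreign_output)
    # Outside resolvers must still get authoritative (aa) answers.
    if hosted["status"] != "NOERROR" or "aa" not in hosted["flags"]:
        problems.append("hosted zone is not answered authoritatively")
    # The ra flag means the server offers recursion to this client.
    if "ra" in foreign["flags"]:
        problems.append("recursion is offered to outside clients")
    if foreign["answer"] > 0:
        problems.append("server returned an answer for a zone it does not host")
    return problems

if __name__ == "__main__":
    print(audit_external_view(HOSTED_OK, FOREIGN_REFUSED))  # expected: []
    print(audit_external_view(HOSTED_OK, FOREIGN_OPEN))
```

A REFUSED status on the hosted-zone query is the situation described in post #3, where allow-query was limited to the internal networks and outside servers could no longer get authoritative replies.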

