LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Securing DNS Server (https://www.linuxquestions.org/questions/linux-security-4/securing-dns-server-300591/)

Comatose51 03-11-2005 08:59 PM

Securing DNS Server
 
Is there anyway for me to secure my DNS server so that only my internal users can use it to query all the DNS records out on the Internet and my network but only answer DNS queries regarding my domain for external users?

Example:

Let's say I have a DNS server, DNS1 and an internal user named Anne. There's also an external user named Bob.

Anne queries DNS1 for www.google.com and www.mydomain.com. I want DNS1 to answer them for Anne. When Bob queries DNS1 for www.mydomain.com, I want DNS1 to answer it. However, if Bob queries DNS1 for www.google.com, I want DNS1 to not answer it.'

Thanks.

pazvant 03-12-2005 08:43 AM

Hi,

its possible to do it .If you use bind give access to internal IP address for dNS 1 and the forbid internal quaries for DNS2 ..

Comatose51 03-12-2005 05:34 PM

What if I only have one server?

newpenguin 03-13-2005 12:49 AM

there are acls in bind which can be implemented to ensure

1.only specific hosts can query

2.only specific dns servers can update from dns server. (like only slave dns servers will be allowed to update themselves)

acl "office" {
192.168.0.0/24;
192.168.100.0/24;
};

acl "secondary" {
192.168.0.10/32;
};

allow-query { office; };
allow-update { secondary; };
allow-transfer { "secondary"; };


All times are GMT -5. The time now is 09:47 PM.