Securing DNS Server

Comatose51 · 03-11-2005, 08:59 PM

Is there anyway for me to secure my DNS server so that only my internal users can use it to query all the DNS records out on the Internet and my network but only answer DNS queries regarding my domain for external users?

Example:

Let's say I have a DNS server, DNS1 and an internal user named Anne. There's also an external user named Bob.

Anne queries DNS1 for www.google.com and www.mydomain.com. I want DNS1 to answer them for Anne. When Bob queries DNS1 for www.mydomain.com, I want DNS1 to answer it. However, if Bob queries DNS1 for www.google.com, I want DNS1 to not answer it.'

Thanks.

pazvant · 03-12-2005, 08:43 AM

Hi,

its possible to do it .If you use bind give access to internal IP address for dNS 1 and the forbid internal quaries for DNS2 ..

Comatose51 · 03-12-2005, 05:34 PM

What if I only have one server?

newpenguin · 03-13-2005, 12:49 AM

there are acls in bind which can be implemented to ensure

1.only specific hosts can query

2.only specific dns servers can update from dns server. (like only slave dns servers will be allowed to update themselves)

acl "office" {
192.168.0.0/24;
192.168.100.0/24;
};

acl "secondary" {
192.168.0.10/32;
};

allow-query { office; };
allow-update { secondary; };
allow-transfer { "secondary"; };