LinuxQuestions.org forum: Linux - Server
02-18-2011, 04:23 AM, #1 (Member; registered Feb 2009; distribution: mainly CentOS 6.4 x64; posts: 161)
ACL for Bind 9 only allowing host names lookup for LAN
This is a kind of extension to the previous thread I made about allowing a DNS server to resolve publicly, as such (apologies for my lack of good English with this, lol).
But thanks to the great people that replied to it, it's now working.
What the client is asking of me now is to be able to allow only local network (LAN) clients to resolve the hostnames of nodes on his network.
Using ACLs, of course, I would just create two zone files, wouldn't I?
So I would potentially have two zone files, wouldn't I?
So there would be example.com.zones.internal (which would be wrapped inside the internal ACL, like a subnet of 192.168.0.0/24, as I believe I set it up).
So only the local subnet can view this configuration, i.e. resolve host names.
Then set up the external one so that all the queries from outside can only resolve his public names, like www for example.
Am I thinking this through properly?
Thanks to those people again, I was able in principle to get this working; it's functioning now, as he has tested his web server on it and it works. I am so impressed with myself that I understand more about DNS servers, even embarking on doing rndc keys, but I'm just having a problem thinking this through properly and would like to have anyone's opinion on this.
I appreciate any reply in advance,
Jez.
02-19-2011, 12:51 PM, #2 (Senior Member; registered Dec 2005; location: Massachusetts, USA; distribution: Ubuntu 10.04 and CentOS 5.5; posts: 3,873)
It seems to me that you would have a DNS server on the LAN that could only be accessed by the local LAN clients.
If the DNS server is on a public facing interface then you could use iptables to restrict which computers could connect to the DNS server lookup daemon's port.
ACLs cannot work because they are for restricting access to files. The DNS server's daemon must be able to see all of the DNS files so the only other method available is to restrict access to the DNS service itself via iptables.
Last edited by stress_junkie; 02-19-2011 at 12:52 PM.
02-21-2011, 03:11 AM, #3 (Member, original poster; registered Feb 2009; distribution: mainly CentOS 6.4 x64; posts: 161)
No, I don't think you're understanding what I am talking about.
A client of mine has a public DNS server, right? People query it from outside, yes?
He wants, though, to be able to query it using his own LAN node names on his network. Is it possible to allow him to do this, yet not allow the node names from outside?
That's it; it has already been set up as a public-facing DNS, he just wants to allow his own network users to query hostnames, not the outside world though.
Whereas records like www will be accessible inside and outside, node1.whateverdomain.com will be accessible from just inside the local LAN.
Thanks,
Jez.
Last edited by j.smith1981; 02-21-2011 at 03:12 AM.
02-28-2011, 10:53 AM, #4 (Senior Member; registered Dec 2005; location: Massachusetts, USA; distribution: Ubuntu 10.04 and CentOS 5.5; posts: 3,873)
I just discovered this web page that has an example of using an acl inside the BIND configuration files.
http://www.howtoforge.com/how-to-pat...-fedora-centos
I hope that helps.
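For readers arriving at this thread: the design the original poster sketches (one ACL for the LAN, two zone files for the same domain, LAN clients answered from the internal file and everyone else from the public one) is what BIND 9 calls split-horizon DNS, and it is built with `acl` and `view` statements in named.conf. The configuration below is an added example written for this thread; it is not configuration from the poster, from the replies, or from the linked howtoforge page. The LAN range 192.168.0.0/24 comes from post #1; the domain example.com, the directory and the zone file names are assumptions.

```conf
// Added example, not from the thread. Assumed: LAN 192.168.0.0/24 (post #1),
// domain example.com, zone files under /var/named. Adjust to the real server.

// ACLs must be defined before they are referenced; named.conf is read top to bottom.
acl "lan" {
    127.0.0.0/8;        // resolvers on the DNS host itself
    192.168.0.0/24;     // the client's LAN
};

options {
    directory "/var/named";
    listen-on { any; };
    allow-query { any; };      // public names must be answerable by anyone
    allow-transfer { none; };  // no AXFR of either zone file to outsiders
    recursion no;              // stays off for the Internet; re-enabled for the LAN below
};

// Views are tried top to bottom and the first match-clients that fits wins,
// so the restricted (internal) view must be listed before the catch-all.
view "internal" {
    match-clients { lan; };
    recursion yes;
    allow-recursion { lan; };

    zone "example.com" IN {
        type master;
        // Complete zone (SOA, NS, www, mail, ...) plus the LAN-only records,
        // e.g. node1 A 192.168.0.11. Never the public file plus an $INCLUDE of
        // RFC 1918 addresses you would not want leaked by a misordered view.
        file "example.com.zone.internal";
    };
};

view "external" {
    match-clients { any; };    // everyone not already matched by "internal"
    recursion no;

    zone "example.com" IN {
        type master;
        // Public names only: SOA, NS, www, mail. No node1, no 192.168.x.x.
        file "example.com.zone.external";
    };
};
```

Two checks worth doing before reloading. First, once a single `view` exists, every zone must live inside a view, including the root hints and localhost zones that CentOS ships in named.conf; named refuses to start if any zone is left at top level, so move those into the views as well (or only into "internal" if outsiders should not get them). Second, each file must be a complete zone with its own SOA and NS records; the usual approach is to keep the external file as the master copy and make the internal file that file plus the node records. Run `named-checkconf` and `named-checkzone example.com <file>` on both files, then confirm from both sides with `dig @<server> node1.example.com` from a LAN host (expect the answer) and from an outside host (expect NXDOMAIN), and `dig @<server> www.example.com` from both (expect the public address).

One caveat on what this actually protects: view selection is by source address of the query, so it is a disclosure control, not authentication. Anyone who can send packets from the 192.168.0.0/24 range (a compromised LAN host, or a spoofed UDP query whose answer they can observe) gets the internal view, and if the external view is ever listed first, or the "lan" ACL is widened by mistake, the node names become public. The `allow-transfer { none; }` matters for the same reason, since a zone transfer would hand over the whole internal file in one request.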