LinuxQuestions.org
Old 02-18-2011, 04:23 AM   #1
j.smith1981
Member
 
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161

Rep: Reputation: 1
ACL for Bind 9 only allowing host names lookup for LAN


This is a kind of extension to the previous thread I made about allowing a DNS to resolve publicly, as such (apologies for my lack of good English with this, lol).

But thanks to the great people that replied to it, it's now working.

What the client is asking of me now is to be able to allow only local network (LAN) clients to resolve the hostnames of nodes on his network.

Using ACLs, of course, I would just create 2 zone files, wouldn't I?

So I would potentially have 2 zone files, wouldn't I?

So there would be example.com.zones.internal (which would be wrapped inside the internal ACL, like a subnet of 192.168.0.0/24, as I believe I set it up).

So only the local subnet can view this configuration, i.e. resolve host names.

Then set up the external one so all the queries from outside can only resolve his public names, like www for example.

Am I thinking this through properly?

Thanks to those people again, I was able to principally get this working; it's functioning now, as he has tested his web server on this and it works. I am so impressed with myself that I understand more about DNS servers, even embarking on doing RNDC keys, but I'm just having a problem thinking this through properly and would like to have anyone's opinion on this.

I appreciate any reply in advance,
Jez.
 
Old 02-19-2011, 12:51 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
It seems to me that you would have a DNS server on the LAN that could only be accessed by the local LAN clients.

If the DNS server is on a public facing interface then you could use iptables to restrict which computers could connect to the DNS server lookup daemon's port.

ACLs cannot work because they are for restricting access to files. The DNS server's daemon must be able to see all of the DNS files so the only other method available is to restrict access to the DNS service itself via iptables.

Last edited by stress_junkie; 02-19-2011 at 12:52 PM.
 
Old 02-21-2011, 03:11 AM   #3
j.smith1981
Member
 
Registered: Feb 2009
Distribution: Mainly CentOS6.4 x64
Posts: 161

Original Poster
Rep: Reputation: 1
No, I don't think you're understanding what I am talking about.

A client of mine has a public DNS server right? People query from outside yes?

He wants, though, to be able to query it using his own LAN node names on his network; is it possible to allow him to do this yet not allow the node names from outside?

That's it; it has already been set up as a public-facing DNS, he just wants to allow his own network users to query hostnames, not the outside world though.

Whereas records like www will be accessible inside and outside, and then node1.whateverdomain.com would be accessible from just inside the local LAN.

Thanks,
Jez.

Last edited by j.smith1981; 02-21-2011 at 03:12 AM.
 
Old 02-28-2011, 10:53 AM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
I just discovered this web page that has an example of using an acl inside the BIND configuration files.

http://www.howtoforge.com/how-to-pat...-fedora-centos

I hope that helps.
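The setup asked for in this thread (www answerable to everyone, node1 and the other LAN names only to the 192.168.0.0/24 subnet) is what BIND calls split-horizon DNS. It is done inside named.conf with an `acl` address list and two `view` blocks, each serving its own zone file, rather than with file-system ACLs or iptables. The fragment below is an added example written for this thread, not configuration from any of the posts or from the linked howtoforge page; the two zone file names follow post #1, the LAN range is the one post #1 mentions, and the domain example.com, the /var/named directory and the named.ca hints file are assumptions.

```conf
// Added example for this thread (not from any post): BIND 9 split-horizon named.conf.
// Assumed: LAN is 192.168.0.0/24, domain is example.com, zone files live in /var/named.

acl "internal" {
    127.0.0.0/8;
    192.168.0.0/24;
};

options {
    directory "/var/named";
    listen-on port 53 { any; };
    allow-query { any; };
    // Recursion is a separate privilege from answering for our own zones: keep it
    // LAN-only so the public side of this server cannot be used as an open resolver.
    allow-recursion { internal; };
    // Nobody may pull whole zones with AXFR; list secondary servers here if you have any.
    allow-transfer { none; };
};

// Once views are used, every zone (root hints included) must sit inside a view;
// a zone declared at top level next to views is a configuration error.
// Views are tried in order and the first match-clients hit wins, so "internal" goes first.

view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "example.com" IN {
        type master;
        // Public records (www, MX, NS) plus the LAN-only names (node1, node2, ...).
        file "example.com.zones.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" IN {
        type master;
        // Public records only; node1 and friends are simply absent here.
        file "example.com.zones.external";
    };
};
```

Each view answers only from its own file, so the internal file has to carry the public records as well as the LAN ones; the two files keep independent serial numbers. After editing, run `named-checkconf /etc/named.conf` and `named-checkzone example.com /var/named/example.com.zones.internal` (and the same for the external file), reload with rndc, then check the split from both sides with `dig @<server> node1.example.com A`: a LAN host should get the address, an outside host should get NXDOMAIN, while `www.example.com` answers from both. The view is chosen by the source address named sees, so if LAN clients reach the server through a NAT or hairpinned public IP they may land in the external view; the dig test from a real LAN host is the way to confirm which view they hit.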
 