18 Jan 2007, 5:02 a.m.
Joe Abley wrote:
Throw on an ACL to restrict recursive lookups (and to deny queries, if the servers aren't also authority servers) and the problem frequently goes away.
I'd be interested to see a working BIND 9 ACL to restrict recursion to certain clients only.
in named.conf:

    acl "localonly" {
        192.168.1.0/24;
        ...
        192.168.250.0/24;
    };

    options {
        ....
        allow-recursion { "localonly"; };
        ....
    };

see the BIND admin reference manual for more info (or one of the many howtos available on teh intarwebs)

/joshua
--
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
- Douglas Adams -
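One way to confirm that the allow-recursion restriction above took effect on your own server, run from a host outside the ACL (an added example, not part of the original thread; the function names, the default query name and the sample header bytes in the comments are constructed for illustration):

```python
import socket
import struct

RCODE_REFUSED = 5
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server)

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp):
    """Classify a raw DNS response by what it says about recursion.

    'refused'           - server answered REFUSED
    'no-recursion'      - RA bit clear: recursion not offered to this client
    'recursion-offered' - RA bit set: this client is allowed to recurse
    """
    if len(resp) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", resp[2:4])[0]
    if flags & 0x000F == RCODE_REFUSED:
        return "refused"
    return "recursion-offered" if flags & FLAG_RA else "no-recursion"

def probe(server, name="example.com", timeout=3.0):
    """Send one recursive query over UDP to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        resp, _ = s.recvfrom(4096)
    return classify_response(resp)

# Constructed 12-byte headers, for reading the flag word (bytes 2-3):
#   0x8105 = QR|RD, rcode REFUSED     0x8180 = QR|RD|RA, NOERROR
```

From a client outside "localonly", `probe()` against the server should return anything other than `recursion-offered`; from a client inside the ACL it should return `recursion-offered`.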