How do I restrict queries to internal hosts?
Answered Fri, 15 Feb 2002
> Hope you can help....
I hope so, too.
> We have a Class C in our office with a number of workstations, a webserver
> hosting multiple domains, an email server and 2 DNS servers.
>
> With our primary DNS Server I have noticed that its bandwidth has spiked
> from maybe 2 megs of traffic to 200 per hour and have traced the activity to
> the DNS service itself. It looks like IPs outside of our Class C are connecting
> to our DNS server and resolving addresses at an alarming rate. This is
> happening a couple of times a week.
>
> My question is, is there a way to set up a DNS server so that it answers
> requests ONLY for domains within our IP range AND still resolves external
> domain names for our workstations, web servers and mail servers?
Yes, absolutely.
The easiest way to set this up is to use the allow-recursion substatement
introduced in BIND 8.2.1. This lets you limit recursive queries to your
internal IP addresses. For example:
acl internal { 192.168.0/24; };
options {
    allow-recursion { internal; };
};
For a more complete example, see slide 28 of this presentation:
http://www.linuxsecurity.com/resource_files/server_security/securing_an_internet_name_server.pdf
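To see how the answer's configuration behaves for different clients, here is an added Python model of BIND's address-match-list evaluation (first matching element wins, a leading "!" negates, abbreviated prefixes like 192.168.0/24 are expanded). It is example code written for this page, not from the answer or from BIND; the named.conf fragment, the negated host 192.168.0.99 and the zone "example.com" are constructed assumptions.

```python
import ipaddress
import re

# Constructed named.conf fragment (assumed): anyone may query, only the
# internal ACL may recurse, and one internal host is explicitly excluded.
NAMED_CONF = """
acl internal { !192.168.0.99; 192.168.0/24; 127.0.0.1; };
options {
    allow-query     { any; };
    allow-recursion { internal; };
};
"""
AUTHORITATIVE_ZONES = {"example.com"}   # zones this server hosts (assumed)

ACL_RE = re.compile(r"acl\s+(\S+)\s*\{([^}]*)\}")
OPT_RE = re.compile(r"(allow-query|allow-recursion)\s*\{([^}]*)\}")


def parse(conf):
    """Return ({acl name: elements}, {option: elements}) from a minimal config."""
    split = lambda body: [t.strip() for t in body.split(";") if t.strip()]
    acls = {name: split(body) for name, body in ACL_RE.findall(conf)}
    opts = {opt: split(body) for opt, body in OPT_RE.findall(conf)}
    return acls, opts


def expand(prefix):
    """Expand BIND's abbreviated '192.168.0/24' to '192.168.0.0/24'."""
    addr, _, plen = prefix.partition("/")
    octets = addr.split(".") + ["0"] * (4 - len(addr.split(".")))
    return ipaddress.ip_network(".".join(octets) + ("/" + plen if plen else ""), strict=False)


def matches(client, elements, acls):
    """BIND semantics: first matching element decides; '!' negates; nested ACLs allowed."""
    ip = ipaddress.ip_address(client)
    for element in elements:
        negate, name = element.startswith("!"), element.lstrip("! ")
        if name == "any":
            hit = True
        elif name == "none":
            hit = False
        elif name in acls:
            hit = matches(client, acls[name], acls)   # nested list: negative match = no match
        else:
            hit = ip in expand(name)
        if hit:
            return not negate
    return False


def query_outcome(client, qname, conf=NAMED_CONF):
    """'refused', 'authoritative', 'recursive', or 'no-recursion' (answered only from cache/referral)."""
    acls, opts = parse(conf)
    if not matches(client, opts.get("allow-query", ["any"]), acls):
        return "refused"
    if any(qname == z or qname.endswith("." + z) for z in AUTHORITATIVE_ZONES):
        return "authoritative"          # hosted zones are still served to everyone
    if matches(client, opts.get("allow-recursion", ["any"]), acls):
        return "recursive"
    return "no-recursion"               # exact reply varies by BIND version; no lookup is done for the client
```

Outside hosts still get authoritative answers for the hosted zones but can no longer use the server as an open resolver, which is what removes the bandwidth drain described in the question.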
cricket