[CentOS] BIND with ACLs
Adriano Frare
alfrare at e-alinux.comTue Dec 12 00:22:33 UTC 2006
- Previous message: [CentOS] dovecot disconnect(s) / new facts
- Next message: [CentOS] BIND with ACLs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Friends,
I created um DNS server for network Internal and External same SERVER,
but the control by ACLs in named.conf don't work, when I active ACLs the
server don't resoluction external domain names.
Please, check NAMED.CONF file.
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named/";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
allow-query {
127.0.0.1/32;
192.168.1.0/24;
200.245.88.23/32;
200.162.222.37/32;};
allow-transfer { 127.0.0.1/32;
192.168.1.0/24;
200.162.222.37/32;
195.20.105.149/32;
193.111.27.194/32;
194.145.96.21/32;
193.23.158.13;};
allow-recursion { 127.0.0.1/32;
192.168.1.0/24;
200.162.222.37/32;};
// allow-notify { 127.0.0.1/32;
// 200.245.88.23/32;};
};
// LOG
logging {
channel query-log {
file "/var/named/data/query-log" versions 5 size 50m;
};
category queries { query-log; };
};
acl internals {
192.168.1/24;
127/8;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};
view "external" {
match-clients { any; };
recursion no;
zone "conntrust.com" IN {
type master;
file "conntrust.com.hosts";
allow-update {none;};
allow-query {any;};
allow-transfer {any;};
};
zone "whitelist.conntrust.com" IN {
type master;
file "whitelist.conntrust.com.hosts";
allow-update {none;};
allow-query {any;};
allow-transfer {any;};
};
}; //acl external
view "internal" {
match-clients { internals; };
recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
// allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
// allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
// allow-update { none; };
};
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
type master;
file "named.ip6.local";
// allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
// allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
// allow-update { none; };
};
zone "conntrust.com" IN {
type master;
file "internal.conntrust.com.hosts";
allow-update { internals; };
};
}; // acl internal
include "/etc/rndc.key";
Thanks
Adriano
- Previous message: [CentOS] dovecot disconnect(s) / new facts
- Next message: [CentOS] BIND with ACLs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list