Re: BIND: How to prevent specific user to resolv internet DNS

From: Jason Dixon (jason_at_dixongroup.net)
Date: 09/04/03

    To: Red Hat Mailing List <redhat-list@redhat.com>
    Date: 03 Sep 2003 22:39:51 -0400
    
    

    On Wed, 2003-09-03 at 22:26, Budi Febrianto wrote:
    > >> I installed Bind-9 on RHL 8.0. Bind acts as internal DNS and also acts
    > >> as caching DNS for external DNS server to query internet DNS.
    > >> I want only specific users to be able to query external DNS, and the
    > >> rest to be restricted.
    > >>
    > >> Is that possible?
    >
    > >No. Bind can control which IP addresses can resolve which names or
    > >addresses, but it has no concept of usernames.
    >
    > Yes, IPs will do fine.
    >
    > I want to allow only a range of IPs (172.16.1.1-172.16.1.50) to query
    > external DNS, and the rest can only query internal DNS.
    >
    > How can Bind control it?

    Previously, you'd need to run split-horizon DNS. Bind 9 is nice in that
    it uses the "views" feature. O'Reilly has a good explanation of the
    concept and its implementation:

    http://sysadmin.oreilly.com/news/views_0501.html

    -- 
    Jason Dixon, RHCE
    DixonGroup Consulting
    http://www.dixongroup.net
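
An added example, not part of the original message: a short Python generator for a BIND 9 `named.conf` fragment that uses views to give recursion only to the range asked about in the thread. BIND address match lists take prefixes rather than ranges, so the script first splits 172.16.1.1-172.16.1.50 into CIDR blocks; the zone name, zone file name, ACL name and view names are hypothetical.

```python
"""Generate a BIND 9 views fragment for the range asked about in the thread."""
import ipaddress

# Range from the thread; BIND address match lists take prefixes, not ranges.
FIRST, LAST = "172.16.1.1", "172.16.1.50"
# Hypothetical names, not from the thread.
INTERNAL_ZONE = "internal.example"
ZONE_FILE = "internal.example.zone"


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR prefixes covering first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]


def zone_stanza():
    """With views in use, every zone must be declared inside a view."""
    return (f'    zone "{INTERNAL_ZONE}" {{\n'
            f'        type master;\n'
            f'        file "{ZONE_FILE}";\n'
            f'    }};\n')


def render_views(first=FIRST, last=LAST):
    """Build acl + two views; named uses the first view whose match-clients hits."""
    acl = "".join(f"    {c};\n" for c in range_to_cidrs(first, last))
    return (
        f'acl "external-ok" {{\n{acl}}};\n\n'
        '// Listed first: clients in the range get recursion.\n'
        'view "recursive" {\n'
        '    match-clients { "external-ok"; };\n'
        '    recursion yes;\n'
        + zone_stanza() +
        '};\n\n'
        '// Everyone else: authoritative internal answers only.\n'
        'view "internal-only" {\n'
        '    match-clients { any; };\n'
        '    recursion no;\n'
        + zone_stanza() +
        '};\n'
    )


if __name__ == "__main__":
    print(render_views())
```

Run `named-checkconf` on the resulting file before reloading; view order matters, because a client is served by the first view it matches.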