Re: BIND: How to prevent specific user to resolv internet DNS

From: Jason Dixon (jason_at_dixongroup.net)
Date: 09/04/03

  • Next message: Benjamin J. Weiss: "Re: Fw: firewall conf"
    To: Red Hat Mailing List <redhat-list@redhat.com>
    Date: 03 Sep 2003 22:39:51 -0400
    
    

    On Wed, 2003-09-03 at 22:26, Budi Febrianto wrote:
    > >> I installed Bind-9 in RHL 8.0. Bind is act as internal DNS and also act
    > as caching DNS for external DNS server to query internet DNS.
    > I want that only specific users who can query to external DNS, and the
    > rest is restricted.
    >
    > Is that possible?
    >
    > >No. Bind can control which IP addresses can resolve which names or
    > >addresses, but it has no concept of usernames.
    >
    > Yes, IP's will do fine.
    >
    > I want to allow only a range of IP's (172.16.1.1-172.16.1.50) to query to
    > external DNS, and the rest only can query internal DNS.
    >
    > How can bind control it?

    Previously, you'd need to run split-horizon DNS. Bind 9 is nice in that
    it uses the "views" feature. O'Reilly has a good explanation of the
    concept and its implementation:

    http://sysadmin.oreilly.com/news/views_0501.html

    -- 
    Jason Dixon, RHCE
    DixonGroup Consulting
    http://www.dixongroup.net
    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
    

  • Next message: Benjamin J. Weiss: "Re: Fw: firewall conf"