Re: BIND: How to prevent specific user to resolv internet DNS
From: Jason Dixon (jason_at_dixongroup.net)
To: Red Hat Mailing List <email@example.com> Date: 03 Sep 2003 22:39:51 -0400
On Wed, 2003-09-03 at 22:26, Budi Febrianto wrote:
> >> I installed Bind-9 in RHL 8.0. Bind is act as internal DNS and also act
> as caching DNS for external DNS server to query internet DNS.
> I want that only specific users who can query to external DNS, and the
> rest is restricted.
> Is that possible?
> >No. Bind can control which IP addresses can resolve which names or
> >addresses, but it has no concept of usernames.
> Yes, IP's will do fine.
> I want to allow only a range of IP's (172.16.1.1-172.16.1.50) to query to
> external DNS, and the rest only can query internal DNS.
> How can bind control it?
Previously, you'd need to run split-horizon DNS. Bind 9 is nice in that
it uses the "views" feature. O'Reilly has a good explanation of the
concept and its implementation:
-- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:firstname.lastname@example.org?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list