Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bind cache availability...

from [John Madden] Network Security [Permanent Link]
Subject: Re: Bind cache availability...
Date: Sun, 22 May 2005 00:42:04 -0500 
 I'm running Woody distribution of Debian Linux on one of my servers and
I use it as DNS sever - bind installed on it...
The DNS server is available to LAN users as same as to internet users...
For nonexistent records I use hint zone instead of forwarding to my
provider...this means, I use cacheing of records from root servers...and
that's the problem...records in my cache are available to internet and
LAN users, which I don't want for security reasons...I would like them
to be available only to my LAN users. Is it at least possible...?


Yes.  Set up an acl containing your IP blocks, then set up two separate "view" 
groups and use "match-clients" to filter down the list of IP's that are 
matched into each view.  For the external clients, set "recursion no."

John



-- 
# John Madden  weez@freelists.org: http://www.nerdarium.com
# FreeLists: Free mailing lists for all: http://www.freelists.org
# Linux, Apache, Perl and C: All the best things in life are free!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Bind cache availability..., Draq
Next by Date:  Re: Bind cache availability..., Santi Saez
Previous by Thread:  Bind cache availability..., Draq
Next by Thread:  Re: Bind cache availability..., Santi Saez
Indexes:  [Date] [Thread] [Top] [All Lists]