I would like to have certain zones hosted by my DNS servers to be accessible internet-wide while restricting certain zones only to specific IP addresses (local or internet). Is this possible? How do I do it?
Putting the allow-query { <ip.v4.ad.dr>; }; option in the zone {...} did not seem to stop me from fetching A records in that zone from IP addresses other than the one specified :-(
You could put the restricted zones in a separate BIND view that is accessible only to the specific IP addresses. Check the manual for the exact configuration, but basically you would define a view block and inside it define a match-clients for your IPs, and then another view with match-clients any.
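The two-view layout described in the answer above, as an added example that is not part of the original thread. The ACL name, addresses (documentation ranges), zone names and file paths are constructed placeholders.

```conf
// Constructed example: every name, address and path below is a placeholder.
acl "trusted" {
    192.0.2.10;          // a single host
    198.51.100.0/24;     // a whole network
};

// Views are evaluated in the order they appear. The first view whose
// match-clients matches the query's source address answers it, so the
// restricted view has to come before the catch-all view.
view "internal" {
    match-clients { trusted; };

    // Only clients in the "trusted" ACL ever see this zone.
    zone "private.example" {
        type master;
        file "/etc/bind/zones/db.private.example";
    };

    // Public zones are repeated here; a trusted client never falls
    // through to the "public" view, so it would otherwise get no
    // answer for them from this server.
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com";   // static master zone
    };
};

view "public" {
    match-clients { any; };
    recursion no;        // authoritative answers only for the internet

    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com";
    };
};
```

Once any view statement is present, every zone statement has to sit inside a view; run named-checkconf before reloading to catch zones left at the top level.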
Views are great, but if the zone is not available in the public zone you can use a zone-level ACL:
allow-query { slaves; trusted; !any; };
Adding
allow-query { trusted_ips; };
inside the options block in named.conf.options worked for me.