Hi,

Richard Creighton wrote:
My question is how can I limit what external sites can query, i.e., *I* or my network machines may need to look up any of those same queries (though I can't see why at the moment), but external sites have no business doing so. External sites *may* have legitimate reasons to look up certain public addresses like mail or www or similar information, so I can't just shut off port 53 to outsiders. I remember once upon a time reading about this problem and a solution, but now, for the life of me, I can't find it. Any ideas?

Access to use your DNS server for recursive queries is controlled in your named.conf, in the options section. In particular, I have, for example:

    allow-query { ::1/128; 127.0.0.1; localnets; };
    recursion yes;

Which means that only localhost and "localnets" are allowed to use your DNS server to resolve any FQDN.

Access to your own local zones is granted in the respective zone section, where you may want to define:

    allow-query { any; };

if your hosts should be reachable externally.

Wolfgang
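
An added example, not part of the original reply: a small Python check that reads a named.conf laid out as described above and reports whether recursion is reachable by `any` and which zones answer outside clients. The sample config, its zone and file names, and the fallback order used for the recursion ACL (assumed from BIND 9's documented behaviour) are assumptions; views and named `acl` expansion are not handled.

```python
import re

# Constructed sample in the layout the reply describes; names are placeholders.
SAMPLE = """
options {
    allow-query { ::1/128; 127.0.0.1; localnets; };  // who may use the resolver
    recursion yes;
};
zone "example.org" {       # zone-level allow-query overrides the options one
    type master; file "example.org.zone";
    allow-query { any; };
};
zone "internal.example" { type master; file "internal.zone"; };  # inherits
"""

def blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", text, flags=re.S)
    depth = head = start = 0
    for i, ch in enumerate(text):
        if ch == "{":
            depth += 1
            if depth == 1:
                header, start = text[head:i].strip(), i + 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[start:i]
        elif ch == ";" and depth == 0:
            head = i + 1

def acl(body, name):
    """Return the address-match list set for option `name`, or None if unset."""
    m = re.search(r"\b" + name + r"\s*\{([^{}]*)\}", body)
    return [e.strip() for e in m.group(1).split(";") if e.strip()] if m else None

def audit(conf):
    """Report whether anyone may recurse and which zones answer any client."""
    found = dict(blocks(conf))
    opts = found.pop("options", "")
    zones = {h.split('"')[1]: acl(b, "allow-query")
             for h, b in found.items() if h.startswith("zone")}
    global_q = acl(opts, "allow-query")
    # Assumed fallback: allow-recursion, allow-query-cache, allow-query, local.
    rec = (acl(opts, "allow-recursion") or acl(opts, "allow-query-cache")
           or global_q or ["localnets", "localhost"])
    open_rec = "any" in rec and not re.search(r"\brecursion\s+no\s*;", opts)
    return {"open_resolver": open_rec, "public_zones": sorted(
        z for z, a in zones.items() if "any" in (a or global_q or ["any"]))}
```

Calling `audit(SAMPLE)` shows the intended split: recursion stays limited to local clients while only the zone carrying its own `allow-query { any; };` is answered for outsiders.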