[Samba] Limit Samba4 AXFR zone info by bind view
Kelvin Yip
kelvin at icshk.com
Thu Nov 27 20:59:05 MST 2014
Dear all,
Does anyone have an example configuration that uses BIND views to limit AXFR zone
information, as described in the following link?
https://bugzilla.samba.org/show_bug.cgi?id=9634
Someone mentioned that this is possible using BIND views. I have tried views,
with no luck.
My current configuration is:
// Global server options. The two views later in this file set their own
// allow-query / allow-transfer / allow-recursion, which take precedence for
// clients matched by a view.
options {
// String returned for version.bind queries in place of the real BIND version.
version "MyDNS V8.8.8.8";
forwarders {
192.168.188.2;
};
// The server listens only on loopback and one 192.168.188.x address.
listen-on port 53 { 127.0.0.1; 192.168.188.66; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
// Keytab for GSS-TSIG signed dynamic updates, stored in Samba's private
// directory. NOTE(review): file permissions are not visible here; confirm it
// is readable only by the named and Samba service accounts.
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Queries are accepted from loopback and the LAN; zone transfers from the
// local host only.
// NOTE(review): whether allow-transfer is enforced for zones served through
// the Samba DLZ module is the question raised in the bug linked in this post;
// verify with a test AXFR from a LAN host that is not in this list.
allow-query { localhost; 192.168.188.0/24; };
allow-transfer { localhost; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): DLV lookaside validation; the ISC DLV registry has since been
// retired, so this option and the DLV key below should be dropped on upgrade.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Clients treated as trusted: the loopback range and the 192.168.188.0/24 LAN.
acl "internal_network" {
127/8;
192.168.188.0/24;
};
// Intended to mean "everything except the LAN".
// NOTE(review): a negated element only rejects the addresses it names. With no
// positive element after it (for example any;), no address matches this ACL,
// so a view selected by it is never used.
acl "external_network" {
!192.168.188.0/24;
};
// View for LAN and loopback clients. Views are evaluated in the order they
// appear, and the first one whose match-clients list matches is used.
view "internal" {
match-clients { "internal_network"; }; // our network
// Queries and recursion for internal clients only; transfers from the local
// host only.
// NOTE(review): this allow-transfer covers ordinary zones in the view; confirm
// with a test AXFR that it also applies to what the Samba include provides.
allow-query { internal_network; };
allow-transfer { localhost; };
allow-recursion { internal_network; };
// View selection does not depend on whether the query requests recursion.
match-recursive-only no;
//recursion yes;
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
// Samba-generated BIND configuration (contents not shown in this post).
include "/usr/local/samba/private/named.conf";
};
// View intended for clients outside the LAN: answers queries from anyone,
// offers no recursion, and allows transfers from the local host only.
view "external" {
match-clients { "external_network"; }; // public network
allow-query { any; };
allow-transfer { localhost; };
allow-recursion { none; };
// View selection does not depend on whether the query requests recursion.
match-recursive-only no;
//recursion no;
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
// NOTE(review): this is the same Samba include used by the internal view, so a
// client served by this view would be offered the same Samba-provided data as
// a LAN client. If outside clients should not see it, leave this include out.
include "/usr/local/samba/private/named.conf";
};
// Debug output goes to data/named.run at the level set at run time.
// NOTE(review): no category statements are configured. Routing the xfer-out
// and security categories to a file channel would record zone transfer
// attempts and ACL denials, which is how the transfer restriction can be
// checked.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// The root hint zone and the RFC 1912 zones are commented out here because
// both views already declare them.
#zone "." IN {
# type hint;
# file "named.ca";
#};
#include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// NOTE(review): this top-level include repeats the Samba configuration that
// both views already include. Once view statements exist, BIND requires zone
// statements to sit inside a view, and whatever this file defines at global
// scope is outside the per-view ACLs. Presumably this line should be removed;
// confirm against the contents of the included file.
include "/usr/local/samba/private/named.conf";