[Samba] Restrict who can query my DNS

Rowland penny rpenny at samba.org
Thu Aug 22 18:01:32 UTC 2019


On 22/08/2019 18:30, Leonardo Yanes Batista via samba wrote:
> Hello everyone, could you help me find a solution to restrict who can check my DNS within my domain?
>
> I have a domain controller with SAMBA4 and as DNS backend I use BIND9.
>
> I would like to be able to define which IPs I want to allow to consult my DNS. I tried the following but I failed to get it:
> /etc/bind/named.conf.options
> ...
> options {
>     allow-query {
>         localhost;
>     };
>     ....
> };
>
> In essence, this should allow the domain controller itself to be the only one that has permission to query itself, but when I try to query from a PC in my domain, the DNS keeps responding to my queries. How could I avoid this?
>
>
OK, I give in, why do you want to do something that is, on the face of
it, akin to unplugging your DC from the network?

Your domain computers must be able to query the DNS server on the DC.

Rowland




