[Samba] Restrict who can query my DNS
Rowland penny
rpenny at samba.org
Fri Aug 23 09:25:03 UTC 2019
On 23/08/2019 10:07, L.P.H. van Belle via samba wrote:
> In bind:
> Allow-CIDR { ... Range/XX }
> Deny-CIDR { ... Range/XX }
> That stops use of DNS
>
> And/or firewalling it,
>
> Deny CIDR first for full server.
> Allow CIDR for full server.
The OP posted this:
/etc/bind/named.conf.options
...
options {
    allow-query {
        localhost;
    };
};
He only wants the DC to be able to query DNS, nothing else, just localhost.
If he does manage to get this working, how are any other domain clients
going to work? They will not be able to find other clients, the DC, or
anything from the internet, because the DNS server will reject their
queries.
I will say it again: doing this is just like pulling the ethernet cable
out of the DC.
Rowland
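
An added example, not part of the original message or of the Samba project's documentation: a named.conf.options sketch that restricts queries to the DC plus the networks holding domain members, next to the localhost-only setting quoted above. The ACL name and the 192.168.10.0/24 range are constructed assumptions; substitute the real client networks.

```conf
// /etc/bind/named.conf.options (sketch)
// Assumption: domain members live in 192.168.10.0/24 (constructed range).

acl "domain-clients" {
    localhost;          // the DC itself
    192.168.10.0/24;    // constructed: LAN holding the domain members
};

options {
    // Setting from the thread: only the DC itself can resolve anything,
    // so domain members cannot locate the DC or each other.
    // allow-query { localhost; };

    // Restricted but usable: the DC and domain members may query,
    // every other source address is refused.
    allow-query       { "domain-clients"; };
    allow-query-cache { "domain-clients"; };
    allow-recursion   { "domain-clients"; };
};
```

Running named-checkconf on the file catches syntax errors before a reload; a query from an address outside the ACL should then come back with status REFUSED.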