[Samba] Restrict who can query my DNS

Rowland penny rpenny at samba.org
Fri Aug 23 09:25:03 UTC 2019


On 23/08/2019 10:07, L.P.H. van Belle via samba wrote:
> In bind:
> Allow-CIDR { ... Range/XX }
> Deny-CIDR { ... Range/XX }
> That stops use of DNS
>
> And/or firewalling it,
>
> Deny CIDR first for full server.
> Allow CIDR for full server.

The OP posted this:

/etc/bind/named.conf.options
...
options {
    allow-query {
        localhost;
    };

He only wants the DC to be able to query DNS, nothing else, just localhost.

If he does manage to get this working, how are any other domain clients 
going to work? They will not be able to find other clients, the DC, or 
anything from the internet, because the DNS server will reject their 
queries.

I will say it again: doing this is just like pulling the ethernet cable 
out of the DC.

Rowland
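
For comparison with the localhost-only setting discussed above, here is an added example (not part of the original thread) of a named.conf.options that still restricts who may query the DC's DNS without cutting off the domain members. The ACL name "domain_clients" and the 192.168.1.0/24 subnet are assumptions; substitute the networks your domain members actually sit on.

```conf
// /etc/bind/named.conf.options
// Added example: the ACL name and the subnet below are assumed values.

// Hosts allowed to use this DC as their DNS server.
acl "domain_clients" {
    localhost;          // built-in ACL: all addresses of the DC itself
    192.168.1.0/24;     // assumed subnet of the domain members
};

options {
    // The setting the OP posted. Every host other than the DC is refused:
    // allow-query { localhost; };

    // Restricted, but domain members can still find the DC and each other.
    allow-query       { domain_clients; };

    // Recursive lookups (internet names) and cached answers are limited
    // to the same hosts, so the DC is not an open resolver.
    allow-recursion   { domain_clients; };
    allow-query-cache { domain_clients; };
};
```

Running named-checkconf after the edit validates the syntax before named is reloaded.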