[Samba] Restrict who can query my DNS

L.P.H. van Belle belle at bazuin.nl
Fri Aug 23 09:52:59 UTC 2019


We don't know that, Rowland.

Read : https://tools.ietf.org/html/rfc6761 
Chap 6.3.4 



If I want to run a DC with the name s4dc.localhost
then I can, and it's not responding to DNS requests.

 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Friday 23 August 2019 11:25
> To: samba at lists.samba.org
> Subject: Re: [Samba] Restrict who can query my DNS
> 
> On 23/08/2019 10:07, L.P.H. van Belle via samba wrote:
> > In bind:
> > Allow-CIDR { ... Range/XX }
> > Deny-CIDR { ... Range/XX }
> > That stops use of DNS
> >
> > And/or firewalling it,
> >
> > Deny CIDR first for full server.
> > Allow CIDR for full server.
> 
> The OP posted this:
> 
> /etc/bind/named.conf.options
> ...
> options {
> allow-query {
> localhost;
> };
> 
> He only wants the DC to be able to query dns, nothing else, just localhost.
So if he wants that.. 

He should have read: 
https://tools.ietf.org/html/rfc6761 chap 6.3. 

> 
> If he does manage to get this working, how are any other domain clients going to work?
Not our problem.

> They will not be able to find other clients, the DC, or anything from the internet, 
> because the DNS server will reject their queries.
Again, not our problem; maybe that is exactly what he wants.

You know, I can set up a computer without DNS IP numbers and still work with AD-DCs..

> 
> I will say it again: doing this is just like pulling the 
> ethernet cable out of the DC.
Yes, yes, but again, we don't know what his (exact) goal/purpose is, so that is why I want more info first.
You know something with assumption and mother... 

So first more info.. 


> 
> Rowland

Louis
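
The setting debated in this thread, next to a wider alternative, as an added example that is not part of the original message or the original poster's configuration. The ACL name `domain_clients` and the subnet 192.0.2.0/24 are constructed placeholders. In `allow-query`, `localhost` is BIND's built-in ACL matching the server's own interface addresses.

```conf
// /etc/bind/named.conf.options (added example, placeholder values)

// Constructed placeholder: replace with the subnet the domain clients live in.
acl "domain_clients" {
    192.0.2.0/24;
};

options {
    // Setting quoted in the thread: only the server's own addresses may query.
    // Queries from any other source address are answered with REFUSED.
    // allow-query { localhost; };

    // Alternative: the DC itself plus the named client subnet.
    // Every other source address is still refused.
    allow-query       { localhost; domain_clients; };

    // Keep recursion and cached answers restricted to the same sources,
    // so the server does not act as an open resolver.
    allow-recursion   { localhost; domain_clients; };
    allow-query-cache { localhost; domain_clients; };
};
```

Running `named-checkconf` on the file reports syntax errors before named is reloaded.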



