[Samba] Restrict who can query my DNS
L.P.H. van Belle
belle at bazuin.nl
Fri Aug 23 09:52:59 UTC 2019
We don't know that, Rowland.
Read: https://tools.ietf.org/html/rfc6761
Chap 6.3.4
If I want to run a DC with the name s4dc.localhost
then I can, and it's not responding to DNS requests.
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Friday 23 August 2019 11:25
> To: samba at lists.samba.org
> Subject: Re: [Samba] Restrict who can query my DNS
>
> On 23/08/2019 10:07, L.P.H. van Belle via samba wrote:
> > In bind:
> > Allow-CIDR { ... Range/XX }
> > Deny-CIDR { ... Range/XX }
> > That stops use of DNS
> >
> > And/or firewalling it,
> >
> > Deny CIDR first for full server.
> > Allow CIDR for full server.
>
> The OP posted this:
>
> /etc/bind/named.conf.options
> ...
> options {
> allow-query {
> localhost;
> };
>
> He only wants the DC to be able to query dns, nothing else, just localhost.
So if he wants that..
He should have read:
https://tools.ietf.org/html/rfc6761 chap 6.3.
>
> If he does manage to get this working, how are any other domain clients going to work?
Not our problem.
> They will not be able to find other clients, the DC, or anything from the internet,
> because the DNS server will reject their queries.
Again, not our problem; maybe that is exactly what he wants.
You know, I can set up a computer without DNS IP numbers and still work with AD-DC's..
>
> I will say it again: doing this is just like pulling the
> ethernet cable out of the DC.
Yes, yes, but again, we don't know what his (exact) goal/purpose is, so that is why I want more info first.
You know something with assumption and mother...
So first more info..
>
> Rowland
Louis
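
An added illustration, not part of this thread and not BIND's own code: a small Python model of how BIND evaluates an `allow-query` address match list, comparing the `allow-query { localhost; };` setting quoted above with a list that also names a client subnet. The server addresses, the client addresses and the 192.0.2.0/24 subnet are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration only (not taken from the thread).
SERVER_ADDRS = ["127.0.0.1", "::1", "192.0.2.5"]  # the DC's own interface addresses
SERVER_NETS = ["127.0.0.0/8", "192.0.2.0/24"]     # networks the DC is attached to


def _expand(element):
    """Return the networks that one address-match-list element stands for."""
    builtin = {
        "any": ["0.0.0.0/0", "::/0"],
        "none": [],
        "localhost": SERVER_ADDRS,  # built-in ACL: every address of the server itself
        "localnets": SERVER_NETS,   # built-in ACL: directly attached networks
    }
    nets = builtin.get(element, [element])
    return [ipaddress.ip_network(n, strict=False) for n in nets]


def allowed(client, match_list):
    """First matching element decides; '!' negates; no match means refused."""
    addr = ipaddress.ip_address(client)
    for element in match_list:
        negated = element.startswith("!")
        for net in _expand(element.lstrip("!")):
            if addr.version == net.version and addr in net:
                return not negated
    return False


def survey(match_list, clients):
    """Map each client address to the outcome of its query."""
    return {c: ("answer" if allowed(c, match_list) else "REFUSED") for c in clients}


CLIENTS = ["127.0.0.1", "192.0.2.5", "192.0.2.40", "198.51.100.7"]
OP_CONFIG = ["localhost"]                     # allow-query { localhost; };
WITH_CLIENTS = ["localhost", "192.0.2.0/24"]  # localhost plus an assumed client subnet

if __name__ == "__main__":
    for name, cfg in (("localhost only", OP_CONFIG), ("with client subnet", WITH_CLIENTS)):
        print(name, survey(cfg, CLIENTS))
```
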