This is how we do it as well. I tried doing it via iptables on the DNS servers 
and it caused more problems than it was worth. You can technically skip the 
iptables part and do the ACL, which I thought was a ton easier.

-Tim

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Eric Kuhnke via Af
Sent: Thursday, October 02, 2014 10:49 AM
To: af@afmug.com
Subject: Re: [AFMUG] DNS server for guys who dont want to be gurus


Not just iptables, you can do it in bind9.
In your named.conf.options:

acl allowedclients {
    10.20.20.0/24;
    localhost;
    localnets;
};

Put your different netblocks in there; 10.20.20.0/24 is an example.

Then further down in the same file. This is an example from my ns1:

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    recursion yes;
    notify yes;
    allow-query { allowedclients; };
    allow-transfer { ip.address.of.my.ns2; };
};

On Thu, Oct 2, 2014 at 10:27 AM, Sean Heskett via Af 
<af@afmug.com<mailto:af@afmug.com>> wrote:
BIND is your friend.

I'd also set iptables to only allow queries from your network.



On Thu, Oct 2, 2014 at 11:20 AM, That One Guy via Af 
<af@afmug.com<mailto:af@afmug.com>> wrote:
Is there a good, simple package for locally hosted DNS servers for people like 
me who don't want to get too far into managing the Linux at a granular level? We 
are used to the webmin interface. It would be nice if it had the option to set 
up client accounts for some clients to manage their own DNS but not view 
others, but that's in no way a deal breaker.

--
All parts should go together without forcing. You must remember that the parts 
you are reassembling were disassembled by you. Therefore, if you can't get them 
together again, there must be a reason. By all means, do not use a hammer. -- 
IBM maintenance manual, 1925
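An added worked example of the ACL approach from Eric's reply, not part of the original thread and not Eric's actual ns1 config. It shows the open-resolver setting beside the locked-down one, and adds the one caveat a practitioner wants here: `allow-query` on its own also blocks outsiders from resolving any zones the box is authoritative for, so on a server that hosts zones, restrict recursion and the cache with `allow-recursion` / `allow-query-cache` and leave `allow-query` open. 10.20.20.0/24 is the netblock from the thread; 192.0.2.53 stands in for ns2 and example.net for a hosted zone, both placeholders.

```conf
// Added example, not the config posted in the thread. Placeholders:
// 10.20.20.0/24 = customer netblock from the thread, 192.0.2.53 = ns2,
// example.net = a hypothetical zone this server is authoritative for.

// BEFORE (weak): an open resolver. Anyone on the internet can recurse
// through this server, which is what gets it used for amplification.
//
// options {
//     recursion yes;
//     allow-query { any; };
// };

acl allowedclients {
    10.20.20.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";
    recursion yes;

    // Recursion, and reads from the cache, only for our own clients.
    // allow-query-cache defaults to allow-recursion; set it explicitly
    // so the intent survives future edits.
    allow-recursion { allowedclients; };
    allow-query-cache { allowedclients; };

    // Plain queries stay open so the rest of the world can still look up
    // the zones this box is authoritative for. If the server hosts no
    // zones at all, restrict this to allowedclients as in Eric's config.
    allow-query { any; };

    // Zone transfers only to the secondary (placeholder address).
    allow-transfer { 192.0.2.53; };
    notify yes;
};

zone "example.net" {
    type master;
    file "/etc/bind/db.example.net";
};
```

Check the file with `named-checkconf` before reloading. From a host outside allowedclients, `dig @ns1 example.net SOA` should still answer, while `dig @ns1 www.example.com` (a name the server is not authoritative for) should come back REFUSED with the RA flag clear; from a host inside 10.20.20.0/24 both should resolve.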

