Hi Nuno,

Thanks for the response. However, I don't own the authoritative servers. And the clients that I am serving don't have direct access to the authoritative servers.

Prabhat.

--- On Mon, 7/12/10, Nuno Paquete <nunopaqu...@lusocargo.pt> wrote:

> From: Nuno Paquete <nunopaqu...@lusocargo.pt>
> Subject: Re: ACL for forward zone
> To: "Prabhat Rana" <prana9...@yahoo.com>
> Cc: bind-users@lists.isc.org
> Date: Monday, July 12, 2010, 4:17 PM
>
> Hi Prabhat,
>
> I think you don't need this ACL in your forwarder server, define it on
> the authoritative server (1.2.3.4 and 5.6.7.8, according to your
> example).
>
> Regards,
> Nuno Paquete
>
> On 2010/07/12, at 19:27, "Prabhat Rana" <prana9...@yahoo.com> wrote:
>
> > Hello all,
> > I have BIND 9.7.1 installed in Solaris 10. I need to use a forwarder
> > for a certain internal private IP zone to certain internal DNS
> > servers. In the meantime I need to use a certain ACL so that it would
> > forward the queries and reply to them only from certain IP address
> > clients. So I used the following configs in named.conf
> >
> > acl "Internal" { 10.0.1.0/24; };
> >
> > zone "10.in-addr.arpa" in {
> >     type forward;
> >     forwarders { 1.2.3.4; 5.6.7.8; };
> >     allow-query { "Internal"; };
> > };
> >
> > However it appears I can't use the 'allow query' option in a forward
> > zone, as seen in the syslog:
> >
> > /etc/named.conf:102: option 'allow-query' is not allowed in 'forward' zone '10.in-addr.arpa'
> >
> > Basically you know what I'm trying to achieve. So if anyone has any
> > tip on how I can use forward from the clients only within a certain IP
> > address range, that would be great.
> >
> > Prabhat.
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
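
One way to get the restriction asked about in the original post, as an added example that is not part of the thread: since `allow-query` is rejected inside a forward zone, the forward zone is placed in a BIND view that only clients in the "Internal" ACL can match. The view names are made up for illustration; the ACL, zone name and forwarder addresses are the ones from the post.

```conf
// Added example: constructed named.conf fragment, not from the thread.
acl "Internal" { 10.0.1.0/24; };

// Form from the original post, rejected at load time with
// "option 'allow-query' is not allowed in 'forward' zone":
//
// zone "10.in-addr.arpa" in {
//     type forward;
//     forwarders { 1.2.3.4; 5.6.7.8; };
//     allow-query { "Internal"; };
// };

// Views are tried in order and a client uses the first one whose
// match-clients list contains its source address.
view "internal-clients" {           // hypothetical view name
    match-clients { "Internal"; };
    recursion yes;                  // forwarding only happens for recursive queries

    // Only clients that matched this view ever reach the forward zone.
    zone "10.in-addr.arpa" in {
        type forward;
        forwarders { 1.2.3.4; 5.6.7.8; };
    };

    // Any other zones these clients need must be declared here too.
};

view "everyone-else" {              // hypothetical view name
    match-clients { any; };

    // No forward zone for 10.in-addr.arpa in this view, so queries from
    // clients outside "Internal" are not handed to 1.2.3.4 / 5.6.7.8
    // by this zone statement.

    // The server's existing zones for all other clients go here.
};
```

Once any `view` statement is present, every `zone` statement in named.conf has to sit inside a view, so the existing zones need to be moved; `named-checkconf` will flag any that are left at the top level.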