Does anyone know if it is possible to restrict a private network from accessing websites on the Internet by configuring BIND 9 a certain way? I only want to allow them the ability to query one domain. If so, how do you do it? I know you can do it with firewalls, but I am wondering if it is possible with DNS. Thanks in advance.
Tony
In named.conf comment out the part that looks similar to this:

//zone "." {
//    type hint;
//    file "root.cache";
//};

Then for the zone you want to allow, put this (if you can slave the zone):
zone "alloweddomain.com" {
    type slave;
    masters {
        192.168.0.1;
    };
    file "slave/alloweddomain.com.zone";
};

Replace 192.168.0.1 with the IP address of the primary DNS server for the zone you want to allow. If you already control the DNS server for the domain you allow, then:
zone "alloweddomain.com" {
    type master;
    file "alloweddomain.com.zone";
    allow-update { none; };
};

If neither of these is an option, then per-zone forwarding or creating stub zones are the way to go. I don't remember how off the top of my head, but I have done it before, so I could look it up easily (if I weren't so darn lazy :-).
Ok maybe not, a quick google and we have:
zone "alloweddomain.com" {
    type forward;
    forward first;
    forwarders {
        192.168.0.1;
    };
};

This is probably the best of the solutions (just make sure you comment out the "." zone in named.conf) if you have no control over the domain you want to allow.
Adam Augustine
____________________
BYU Unix Users Group http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
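A complete configuration built around the forwarding approach from the reply above, added here as an illustration rather than taken from the thread. Two things the thread does not cover matter for a "DNS-only" restriction: BIND 9 carries a compiled-in copy of the root server addresses and uses it whenever no "." hint zone is configured, so merely commenting out the hint zone does not stop recursion to the Internet; and `forward first` lets the server fall back to ordinary iterative resolution when the forwarder does not answer. The example therefore makes the server authoritative for an empty root zone (so every name outside the allowed domain gets an authoritative NXDOMAIN from the local server), delegates the allowed domain inside that root zone (the forward zone only takes over when the authoritative lookup yields a referral rather than an NXDOMAIN), and uses `forward only`. The network 192.168.0.0/24, the forwarder 192.168.0.1, the name server name ns1.alloweddomain.com and the file paths are assumed values; adjust them to the site.

```conf
// ---- /etc/named.conf (assumed location) ----
options {
    directory "/var/named";                          // assumed working directory
    listen-on { 127.0.0.1; 192.168.0.0/24; };        // private network only (assumed)
    allow-query     { localhost; 192.168.0.0/24; };  // refuse queries from anywhere else
    allow-recursion { localhost; 192.168.0.0/24; };  // forwarding needs recursion for these clients
    recursion yes;
    // No global "forwarders" statement: the only forwarding path is the zone below.
};

// Sinkhole root: this server answers authoritatively for "." from a nearly
// empty zone, so BIND never falls back to its compiled-in root hints.
zone "." {
    type master;
    file "empty-root.zone";
    allow-update { none; };
};

// The single domain the private network may resolve, sent to the server
// that actually knows it. "forward only" never falls back to iteration.
zone "alloweddomain.com" {
    type forward;
    forward only;
    forwarders { 192.168.0.1; };
};

// ---- /var/named/empty-root.zone (assumed location) ----
// $TTL 1D
// @                       IN SOA  localhost. hostmaster.localhost. (
//                                 1       ; serial
//                                 1D      ; refresh
//                                 1H      ; retry
//                                 1W      ; expire
//                                 1D )    ; minimum
// @                       IN NS   localhost.
// localhost.              IN A    127.0.0.1
// ; Delegate the allowed domain so that lookups beneath it produce a referral,
// ; which lets the "alloweddomain.com" forward zone above take over.
// alloweddomain.com.      IN NS   ns1.alloweddomain.com.
// ns1.alloweddomain.com.  IN A    192.168.0.1
```

Check the files with `named-checkconf /etc/named.conf` and `named-checkzone . /var/named/empty-root.zone` before reloading. From a client on the private network, `dig @<server> www.alloweddomain.com A` should return the forwarder's answer, while `dig @<server> www.example.com A` should return an authoritative NXDOMAIN (AA flag set, answered locally) instead of a SERVFAIL after a timeout. This still only governs clients that use this server: a host configured with a public resolver bypasses it entirely, so pair it with the firewall rule the original question mentions, allowing outbound port 53 only from this server (and only towards 192.168.0.1 in this design).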
