zone "alloweddomain.com" {
        type slave;
        masters {
                192.168.0.1;
        };
        file "slave/alloweddomain.com.zone";
};

Replace 192.168.0.1 with the IP address of the primary DNS server for the zone you want to allow. If you already control the DNS server for the domain you allow, then:

zone "alloweddomain.com" {
        type master;
        file "alloweddomain.com.zone";
        allow-update { none; };
};

If neither of these is an option, then per-zone forwarding or creating stub zones is the way to go. I don't remember how off the top of my head, but I have done it before, so I could look it up easily (if I weren't so darn lazy :-).

OK, maybe not; a quick Google and we have:

zone "alloweddomain.com" {
 type forward;
 forward first;
 forwarders {
   192.168.0.1;
 };
};


I recommend you use a firewall / proxy solution for reasons already mentioned by others here, but if you really want to go this route, the slave configuration most likely will not work for you. To be able to do that, the server must be configured to allow zone transfers to your DNS, and most servers are configured to only allow transfers to their own secondary servers. Going this route, the forwarding option looks the cleanest, but the proper solution is to use a proxy, which can even be set up to operate transparently without any user intervention on the client machines.



Dave Madsen [EMAIL PROTECTED]

____________________
BYU Unix Users Group
http://uug.byu.edu/
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
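
The per-zone forwarding stanza shown in the message above, generated for a whole allowlist. This is an added example, not part of the original post: the function names and the sample domains are assumptions, and the stanza layout and the forwarder 192.168.0.1 are taken from the post. Each name and address is validated before it is written, so a malformed allowlist entry cannot inject extra statements into named.conf.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_domain(name):
    """Return the lower-cased zone name, or raise ValueError if it is not a plain hostname."""
    name = name.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid domain name: {name!r}")
    return name


def forward_zone(domain, forwarders):
    """Render one 'type forward' stanza in the layout used in the post."""
    zone = normalize_domain(domain)
    # ip_address() accepts only a literal address, so no quote, brace or
    # semicolon from the input can reach the generated configuration.
    addrs = [str(ipaddress.ip_address(f.strip())) for f in forwarders]
    if not addrs:
        raise ValueError("at least one forwarder is required")
    lines = [f'zone "{zone}" {{', "        type forward;",
             "        forward first;", "        forwarders {"]
    lines += [f"                {a};" for a in addrs]
    lines += ["        };", "};"]
    return "\n".join(lines)


def render_allowlist(domains, forwarders):
    """Render one stanza per unique domain, so a duplicate entry does not
    produce a second zone with the same name."""
    unique = sorted({normalize_domain(d) for d in domains})
    return "\n\n".join(forward_zone(d, forwarders) for d in unique)


if __name__ == "__main__":
    # Constructed sample input: two spellings of one domain plus a second domain.
    sample = ["alloweddomain.com", "AllowedDomain.com.", "example.org"]
    print(render_allowlist(sample, ["192.168.0.1"]))
```
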