Access control for DNS?

[Sotiris Tsimbonis]

On Mon, 3 Dec 2001, Dimitris Stasinopoulos wrote:

> Paides xaireto()
>
> Se ena pc pou trexei named, thelo na exo access control pano tou.
> Sigkekrimena, thelo na oriso poies IP (tou esoterikou LAN) exoun dikaioma
> na kanoun resolve poia hostnames.

o bind 8 exei tetoio option (doc/html/options.html):

   blackhole
          Specifies a list of addresses that the server will not accept
          queries from or use to resolve a query. Queries from these
          addresses will not be responded to.

sto /etc/named.conf sou, kaneis mia access control list, px.

acl badhosts {
10.10.10.1;
10.10.10.5
};

kai sta options pros8eteis

options {
	...
	blackhole { badhosts; } ;
	...
};


> To problima einai oti to pc trexei pppd se dial on demand mode, kai an
> ta eksipnopoulia pane na anoiksoun explorer (pou fisika paei na anoiksei
> msn.com mplah mplah mplah), o named tha prospathisei na kanei resolve to
> hostname pou tha ton rotisei o explorer, ktl ktl, kai tha sikosei to
> link. Pos mporo na to apofigo afto, elegxontas (dinamika) poia hostnames
> mporoun na ginoun resolved kai poia oxi?

an to dial-on-demand e3akolou8isei na shkwnei th grammh, tote pi8anws na
einai giati ta mhxanimata sto LAN e3akolou8oun tis prospa8ies gia resolv,
opote h epomenh lysh mallon einai ipfwadm/ipchains/ipfw :)


  _ _ _|_ o._ o _
 _)(_) |_ ||  |_>