DNS control

Michael Kearey mutk at iprimus.com.au
Tue Sep 23 07:08:51 UTC 2003


Nicholas Yau wrote:
> Hi folks:
> I have a DNS up in my Red Hat 8.0 Linux box.
> 
> -running bind-9.2.1-9.
> -manually assign IP
> 
> Actually I provide the service for my LAN user.
> In network 192.168.42.x, subnet mask 255.255.255.0.
> 
> What I wanted to do is,
> only user and IP listed in the /var/named/named.xxx
> can do the query from their machine to my Linux box then
> only out to the internet.
> 
> 
> So that user cannot simply assign their own IP from the range
> 192.168.42.x as they like without informing the administrator.
> 
> 
> Help me, folks!


I am quite sure this question should not belong here in redhat-beta or 
in fedora-test-list.

Anyway, once we figure out a good place to ask this question I will 
have a go answering it.

Read www.redhat.com Red Hat guides, they still have excellent reference 
on this sort of thing.

I have done this in /etc/named.conf:

Add an acl not-welcome:

acl not-welcome {
         !192.168.0.0/24;
};

Add a welcome acl:

acl welcome {
         192.168.0.0/24;
         127.0.0.1;
};

Then in options put this:
options {

..,
..,
         blackhole { not-welcome; };
         allow-query { welcome; };
         allow-recursion { welcome; };
..,
..,
};


Test it out to see if it works for you. You can specify a list of IPs 
or a range in CIDR form as far as I know. 'man named.conf' also gives 
details on what you can do.

Cheers,
Michael
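
A way to check what the ACLs in this message do before loading them, as an added example that is not part of the original post: a simplified Python model of BIND's first-match address-match-list evaluation. It shows that a list holding only a negated element never matches, so in this model the restricting is done by allow-query rather than blackhole. Assumptions: only IP/CIDR elements and `any` are modelled (no nested ACLs or keys), and the `decision` helper, the sample client addresses and the `NOT_WELCOME_ANY` variant are constructed for illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse an address match list body: 'elem; elem;' with optional '!' prefix."""
    elems = []
    for raw in text.split(";"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!").strip()
        # 'any' is represented as None and matches every address
        net = None if item == "any" else ipaddress.ip_network(item, strict=False)
        elems.append((negated, net))
    return elems

def acl_matches(elems, client):
    """First match wins: True on a positive match, False on a negated match
    or when no element matches at all."""
    addr = ipaddress.ip_address(client)
    for negated, net in elems:
        if net is None or addr in net:
            return not negated
    return False

# ACL bodies as written in the message above
NOT_WELCOME = parse_acl("!192.168.0.0/24;")
WELCOME = parse_acl("192.168.0.0/24; 127.0.0.1;")
# Constructed variant (assumption, not from the post): exclusions, then 'any'
NOT_WELCOME_ANY = parse_acl("!192.168.0.0/24; !127.0.0.1; any;")

def decision(client, blackhole=NOT_WELCOME, allow_query=WELCOME):
    """Model the options block: blackhole is checked first (query dropped
    silently), then allow-query (answered, or REFUSED if not matched)."""
    if acl_matches(blackhole, client):
        return "blackholed"
    return "answered" if acl_matches(allow_query, client) else "refused"

if __name__ == "__main__":
    # Constructed sample clients
    for ip in ("192.168.0.10", "192.168.42.7", "10.1.2.3", "127.0.0.1"):
        print(ip, decision(ip), decision(ip, blackhole=NOT_WELCOME_ANY))
```
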




