In most situations, bind will be configured to serve the internal network only. This section shows how to configure bind so that it provides DNS service to the internal network only and is not reachable as an open resolver from the Internet.
The simplest way to restrict the traffic is to define these options clauses in /etc/bind/named.conf (on Debian and Ubuntu the options block lives in /etc/bind/named.conf.options, which named.conf includes):
options {
    allow-query     { 192.168.1.0/24; };
    allow-transfer  { none; };
    allow-recursion { 192.168.1.0/24; };
    listen-on       { 192.168.1.2; };
    forward only;
    forwarders      { A.B.C.D; };
};
allow-query: sets the range of IPs allowed to query the server. In the example above only clients with an address in 192.168.1.0/24 (192.168.1.XXX) are allowed to query the DNS service; queries from any other address are answered with REFUSED.
allow-transfer: specifies who may request zone transfers (AXFR/IXFR). A zone transfer hands out the complete contents of a zone, so unless this host has secondary servers that need to pull from it, it is best to set it to none;
allow-recursion: DNS allows recursive queries, so this should be aligned with allow-query. A recursive query is one the local bind server could not answer from its own zones or cache, so it resolves it on the client's behalf by asking other servers. Leaving recursion open to every address turns the host into an open resolver that can be abused for DNS amplification attacks, which is why it must be restricted to the internal range.
listen-on: this is the most important option: it makes the server listen on a single IP only. Set it to the internal IP address (192.168.1.2 in the example above). One can also make the DNS server serve only this computer by setting the IP to 127.0.0.1. Note that listen-on only covers IPv4; the Debian/Ubuntu default named.conf.options ships with listen-on-v6 { any; }, so also set listen-on-v6 { none; } (or the internal IPv6 address), otherwise the server is still reachable over IPv6.
forward: sets the forwarding behaviour, i.e. what the local bind server does with requests it cannot answer itself before passing them to the next DNS server. Set it to forward only, which means bind never falls back to contacting the root servers itself if the forwarders do not answer (forward first would). Note the syntax is forward only; without braces.
forwarders: sets the forwarding servers (next-level DNS servers). One can list several, for example:
forwarders {
    8.8.8.8;
    8.8.4.4;
};
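As an added check (this script is written for this page and is not part of bind or its documentation), the following POSIX shell helper reads the options block of a named.conf and flags the settings restricted above when they are absent or set to any. It is run here against two constructed sample files: one left at permissive defaults, and one holding the hardened block from this page with listen-on-v6 { none; } added. The helper names opt_value, audit_named_options and count_findings and the sample contents are this example's own; it only handles a global options block and does not follow views, named ACLs or include statements (an ACL name is treated as a restriction because it is not "any").

```sh
#!/bin/sh
# Hypothetical audit helper (not part of bind): flag options that leave a BIND
# resolver open to the Internet. Global options block only; views, named ACLs
# and include files are not followed.

# opt_value OPTION FILE
# Prints the brace body of OPTION with comments and whitespace removed
# (e.g. "192.168.1.0/24;"), or nothing if the option is not set.
# Also accepts the "listen-on port 53 { ... }" form.
opt_value() {
    sed -e 's://.*$::' -e 's:#.*$::' "$2" \
      | tr '\n' ' ' \
      | grep -o "$1\( *port *[0-9]*\)\{0,1\} *{[^}]*}" \
      | head -n 1 \
      | sed -e 's/^[^{]*{//' -e 's/}$//' \
      | tr -d ' \t'
}

# why OPTION: the exposure if that option is left unrestricted
why() {
    case "$1" in
        allow-query)     echo "any host on the Internet can query this server" ;;
        allow-recursion) echo "open resolver, usable for DNS amplification" ;;
        allow-transfer)  echo "anyone can pull whole zones with AXFR" ;;
        listen-on)       echo "IPv4 sockets bound on every interface" ;;
        listen-on-v6)    echo "IPv6 sockets bound on every interface (Debian ships any)" ;;
    esac
}

# audit_named_options FILE
# Prints one WARN line per option that is missing or set to "any".
audit_named_options() {
    f="$1"
    for opt in allow-query allow-recursion allow-transfer listen-on listen-on-v6; do
        v=$(opt_value "$opt" "$f")
        case "$v" in
            "")     state="not set (BIND default applies)" ;;
            "any;") state="set to any" ;;
            *)      continue ;;
        esac
        echo "WARN $opt is $state; if unrestricted: $(why "$opt")"
    done
}

# count_findings FILE: number of WARN lines, as a plain integer on stdout
count_findings() {
    audit_named_options "$1" | awk 'END { print NR }'
}

# Constructed sample 1: a resolver left at permissive settings.
OPEN_CONF=$(mktemp)
cat > "$OPEN_CONF" <<'EOF'
options {
    directory "/var/cache/bind";
    allow-query { any; };      // everyone may ask
    recursion yes;             // allow-recursion left unset
    listen-on-v6 { any; };     // Debian's shipped default
};
EOF

# Constructed sample 2: the hardened block from this page, plus listen-on-v6.
HARDENED_CONF=$(mktemp)
cat > "$HARDENED_CONF" <<'EOF'
options {
    allow-query     { 192.168.1.0/24; };
    allow-transfer  { none; };
    allow-recursion { 192.168.1.0/24; };
    listen-on       { 192.168.1.2; };
    listen-on-v6    { none; };
    forward only;
    forwarders      { 8.8.8.8; 8.8.4.4; };
};
EOF
trap 'rm -f "$OPEN_CONF" "$HARDENED_CONF"' EXIT

echo "== permissive sample =="
audit_named_options "$OPEN_CONF"
echo "== hardened sample =="
audit_named_options "$HARDENED_CONF"
echo "findings: permissive=$(count_findings "$OPEN_CONF") hardened=$(count_findings "$HARDENED_CONF")"
```

Run it as sh audit.sh; to check a live server point audit_named_options at /etc/bind/named.conf.options (or named.conf) instead of the samples. The permissive sample produces five warnings (allow-query any, three options unset, listen-on-v6 any); the hardened block produces none.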
That's all for configuring bind to serve internal hosts only. After editing, run named-checkconf to catch syntax errors, reload with rndc reload, and verify from an internal client that dig @192.168.1.2 resolves a name while the same query from an address outside 192.168.1.0/24 is refused or times out.