Date: Fri, 3 Dec 1999 02:55:39 +0200
From: d e a t h <charon@hades.hell.gr>
To: freebsd-questions@freebsd.org
Subject: Re: Internal vs External DNS (2 nameds)
Message-ID: <19991203025539.C32201@hades.hell.gr>
In-Reply-To: <19991203024229.C31576@hades.hell.gr>
References: <19991201225936.B10261@amethyst.hypostasis.com> <19991202123650.C5160@hades.hell.gr> <19991202144429.A86312@kearneys.ca> <19991203024229.C31576@hades.hell.gr>

On Fri, Dec 03, 1999 at 02:42:29AM +0200, d e a t h wrote:
...
> zone "0.0.10.IN-ADDR.ARPA" {
>     type master;
>     file "primary/localnet-rev";
>     allow-query { 10.0.0.0/8; 127.0.0.1; };
> };
>
> and you're pretty sure that no queries will be sent to this zone from
> any hosts not listed in allow-query.  A combination of allow-query and
> allow-transfer might make those paranoid of us feel even more `safe'
> and relaxed ;)

Of course, now that I think about it, spoofed queries might get through
this ruleset, but their replies will go to the wrong place anyway.
Moreover, you can always set ipfw up to block spoofed packets, coming
from the wrong interfaces, etc. etc.

Re: Ciao.

--
Giorgos Keramidas, <keramida@ceid.upatras.gr>
"What we have to learn to do, we learn by doing." [Aristotle]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
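
The ipfw filtering mentioned in the message above, as an added example that is not part of the original post: a small sh function that emits anti-spoofing rules so that the source addresses trusted by `allow-query` can only arrive on the interfaces where they belong. The external interface name (`ed0` in the usage comment), the rule numbers and the `fwcmd` dry-run variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Dry run by default: rules are printed instead of installed.
# Set fwcmd=/sbin/ipfw in the environment to apply them for real.
fwcmd="${fwcmd:-echo ipfw}"

# antispoof_rules EXT_IF INT_NET
#   EXT_IF   outside-facing interface (assumed name, e.g. ed0)
#   INT_NET  internal network trusted by allow-query (10.0.0.0/8 above)
antispoof_rules() {
    ext_if="$1"
    int_net="$2"
    if [ -z "$ext_if" ] || [ -z "$int_net" ]; then
        echo "usage: antispoof_rules ext_if int_net" >&2
        return 2
    fi

    # Loopback traffic is legitimate only on lo0; accept it there first.
    ${fwcmd} add 100 pass ip from any to any via lo0

    # 127.0.0.1 is in allow-query, so a packet claiming a loopback source
    # on any other interface is forged. Drop and log it.
    ${fwcmd} add 110 deny log ip from 127.0.0.0/8 to any

    # Internal addresses must never show up as the source of a packet
    # received on the external interface. Without this rule, named would
    # match such a query against allow-query and answer it.
    ${fwcmd} add 120 deny log ip from "$int_net" to any in via "$ext_if"
}

# Usage: sh antispoof.sh ed0 10.0.0.0/8
if [ "$#" -ge 2 ]; then
    antispoof_rules "$@"
fi
```

The rules only cover the two ranges listed in the quoted `allow-query` statement; they sit in front of whatever other rules the ruleset already has.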