For linux bind named.conf:
Within "options {" put:
allow-query { any; }; allow-recursion { trusted; }; allow-query-cache { trusted; };
Then, add this new section somewhere after the options closing bracket:
acl "trusted" { localhost; localnets; //netblocks/IPs you want, examples below: 123.23.23.23/24; 12.123.123.123; };
On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl wrote:
On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:
If you run your own BIND/named as Authoritative DNS-Server, for some domain-name that you own, and if it is also configured to function as a Recursive DNS-Server for local software (in that computer), and if you have enabled DNSSEC (for recursive side), then that would be better, imho.
Speaking about recursive DNS for BIND, does anyone have a working set of options which limit recursive DNS queries to just the local subnet, and another couple IPs, maybe?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
As a heads-up, this fixed my recursive DNS to world issue while ability to serve authoritative domains was not impaired. Thank you, tor@t-3.net
Running your own DNS is a good idea for those who got too used to all these 8.8.8.8 and 8.8.4.4 things.
On Tue, Sep 10, 2013 at 04:33:23AM -0400, tor@t-3.net wrote:
For linux bind named.conf:
Within "options {" put:
allow-query { any; }; allow-recursion { trusted; }; allow-query-cache { trusted; };
Then, add this new section somewhere after the options closing bracket:
acl "trusted" { localhost; localnets; //netblocks/IPs you want, examples below: 123.23.23.23/24; 12.123.123.123; };
On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl wrote:
On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:
If you run your own BIND/named as Authoritative DNS-Server, for some domain-name that you own, and if it is also configured to function as a Recursive DNS-Server for local software (in that computer), and if you have enabled DNSSEC (for recursive side), then that would be better, imho.
Speaking about recursive DNS for BIND, does anyone have a working set of options which limit recursive DNS queries to just the local subnet, and another couple IPs, maybe?
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Eugen Leitl -
tor@t-3.net