Re: [tor-relays] Running Bind locally

For linux bind named.conf:

Within "options {" put:

    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

Then, add this new section somewhere after the options closing bracket:

    acl "trusted" {
        localhost;
        localnets;
        //netblocks/IPs you want, examples below:
        123.23.23.23/24;
        12.123.123.123;
    };

On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl wrote:
> On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:
>> If you run your own BIND/named as Authoritative DNS-Server, for some domain-name that you own, and if it is also configured to function as a Recursive DNS-Server for local software (in that computer), and if you have enabled DNSSEC (for recursive side), then that would be better, imho.
>
> Speaking about recursive DNS for BIND, does anyone have a working set of options which limit recursive DNS queries to just the local subnet, and another couple IPs, maybe?
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

As a heads-up, this fixed my recursive DNS to world issue while ability to serve authoritative domains was not impaired. Thank you, tor@t-3.net

Running your own DNS is a good idea for those who got too used to all these 8.8.8.8 and 8.8.4.4 things.

On Tue, Sep 10, 2013 at 04:33:23AM -0400, tor@t-3.net wrote:
> For linux bind named.conf:
>
> Within "options {" put:
>
>     allow-query { any; };
>     allow-recursion { trusted; };
>     allow-query-cache { trusted; };
>
> Then, add this new section somewhere after the options closing bracket:
>
>     acl "trusted" {
>         localhost;
>         localnets;
>         //netblocks/IPs you want, examples below:
>         123.23.23.23/24;
>         12.123.123.123;
>     };
>
> On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl wrote:
>> On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:
>>> If you run your own BIND/named as Authoritative DNS-Server, for some domain-name that you own, and if it is also configured to function as a Recursive DNS-Server for local software (in that computer), and if you have enabled DNSSEC (for recursive side), then that would be better, imho.
>>
>> Speaking about recursive DNS for BIND, does anyone have a working set of options which limit recursive DNS queries to just the local subnet, and another couple IPs, maybe?
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
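
One way to confirm the outcome reported in this thread (recursion closed to the world, authoritative answers still served), as an added example that is not from either poster: it builds a recursive query and classifies the reply by its RCODE and RA flag. The function names, the sample reply headers and the 192.0.2.53 address are constructed for illustration.

```python
import socket
import struct

REFUSED = 5        # RCODE 5, "Refused" (RFC 1035)
RA_BIT = 0x0080    # "recursion available" flag in the DNS header
QR_BIT = 0x8000    # set on responses

def build_query(name, qid=0x1234):
    """A/IN query with RD (recursion desired) set, as a stub resolver sends."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)

def classify(reply, qid=0x1234):
    """Classify the reply seen by a client that is NOT in the "trusted" ACL."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not (flags & QR_BIT):
        return "malformed"
    if (flags & 0x000F) == REFUSED:
        return "refused"            # typical for a name outside the server's zones
    if flags & RA_BIT:
        return "recursion-offered"  # the ACL does not cover this client: open
    return "no-recursion"           # e.g. authoritative answer with RA clear

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

# Constructed 12-byte reply headers for illustration, not captured traffic.
SAMPLES = {
    "outside ACL, foreign name": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
    "outside ACL, own zone":     struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0),
    "open resolver":             struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(f"{label}: {classify(reply)}")
    # Live check from a host outside the ACL (192.0.2.53 is a placeholder):
    # print(probe("192.0.2.53", "example.com"))
```

Run `probe` from a host that is not in the ACL: "refused" or "no-recursion" is the restricted result, while "recursion-offered" means that client can still recurse through the server.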