JRahm
Jun 17, 2010Admin
So, reposting, edit doesn't seem to help:
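# restrict rndc access to local machines
# use the key in the default place: /config/rndc.key
#
# The two lines above were pasted without comment markers; left as bare text
# they would not parse as named.conf, so they are restored as comments.
# The control channel listens on 127.0.0.1:953 and accepts connections from
# 127.0.0.1 only. There is no "keys" clause, so authentication depends on the
# default rndc key file; keep that file readable only by the account named
# runs as.
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; };
};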
# All configured categories go to syslog (daemon facility) via one channel.
# NOTE(review): "severity error" discards warning/notice/info messages, and
# "category default" also applies to categories not listed here (security
# among them), so lower-severity events such as refused queries are presumably
# not recorded. Confirm this matches what your monitoring needs to see.
logging {
    channel logfile {
        syslog daemon;
        severity error;
        # Prefix each message with timestamp, severity and category.
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default { logfile; };
    category config  { logfile; };
    category notify  { logfile; };
};
# Forward-only resolver: recursion is on, and every lookup is handed to the
# configured forwarders ("forward only" means no fallback to iterating
# from the roots).
options {
    directory "/config/namedb";

    # Port 53 is opened on loopback addresses only: 127.0.0.1, ::1 and the
    # address in the "zrd-acl-000-000" ACL.
    # NOTE(review): clients in "internal" therefore presumably reach named
    # through something local that relays to loopback. Confirm.
    listen-on port 53 {
        127.0.0.1;
        "zrd-acl-000-000";
    };
    listen-on-v6 port 53 { ::1; };

    # Upstream resolvers; the real addresses were masked by the poster.
    forward only;
    forwarders {
        x.x.x.x;
        x.x.x.y;
        x.x.x.z;
    };

    # Queries are accepted from this host and the "internal" ACL only.
    # NOTE(review): there is no allow-recursion statement, so who may recurse
    # follows the BIND version's defaults (recent releases derive it from
    # allow-query). Stating allow-recursion explicitly would remove that
    # dependency.
    recursion yes;
    allow-query {
        localhost;
        internal;
    };

    # Zone transfers are limited to the local host.
    allow-transfer { localhost; };
};
# Extra address in the 127/8 loopback range; referenced from listen-on in the
# options block.
acl "zrd-acl-000-000" { 127.10.0.0; };
# Clients permitted by allow-query. "10/8" is the short form of 10.0.0.0/8,
# i.e. the whole 10-net. Narrow it if only some subnets should use this
# resolver.
acl internal { 10/8; };