Re: Blocking Users from DNS..

From: Sigurdur Ragnarsson
Date: Thursday, April 24, 2003
Time: 2:02:21 am

The following instructions are based on the assumption that you are using QuickDNS 4:

1. Start QuickDNS Manager and connect to your servers.

2. Select the server you want to configure.

3. Choose Options from the Server menu. This will display the Server Options dialog box.

4. Click 'Query Restrictions' in the list on the left-hand side of the dialog box. The Query Restrictions panel is displayed.

5. Click the Add button.

6. Enter an IP address in the field provided.
You can choose a predefined range from the drop-down list, which gives you the option to select any, none, localhost, or localnets.

7. Choose whether you want to allow or deny this server access control for recursive queries by selecting the appropriate radio button.

8. Click OK to add the new restriction to the list.

In your case, the list would most likely look as follows:
Deny any
Allow localnets

(The first line disallows anyone from performing recursive queries, while the second line opens up recursive queries for hosts on the local network.)

Sigurdur

>Len,
>
>I am running QuickDNS 3.5.x on OS X 10.2.5. Where do I make these changes to restrict access to the DNS server? The named.conf file says not to edit it, as does the options file. But the options file does have a line that says the following:
>
>allow-recursion { any };
>
>So should I add in the following to named.conf?
>
>acl myrecursers { 1.2.3.4; 1.2.4.4; }
>
>What is the format for these options? Do I put what I have up top IP by IP, or can I just put 1.2.3.X to do the whole class C?
>
>Thanks for any info.
>
>Mark
>
>On Tuesday, April 22, 2003, at 09:54 AM, Len Conrad wrote:
>
>>
>>> Is there a way through QuickDNS or Mac OS X to block IP ranges from using your DNS servers?
>>
>> if you're running BIND, in named.conf:
>>
>> acl myrecursers { my_subnets; };
>>
>> options {
>>     allow-recursion { myrecursers; };
>> };
>>
>>> I would like to prevent people from using my DNS servers because it is causing extra unnecessary traffic on my T1.
>>
>> unrestricted recursion also makes you more vulnerable to cache poisoning and DoS attacks.
>>
>> Len
>>

--
Sigurdur Ragnarsson Men & Mice
siggi@menandmice.com http://www.menandmice.com
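
A way to confirm the recursion restriction discussed in this thread, as an added example that is not part of the original messages: run it from a host outside the networks allowed to recurse, and it sends one query with the recursion-desired bit set and classifies the reply from its header flags and response code. The function names, the verdict strings and the default query name `example.com` are assumptions of this example.

```python
"""Check whether a DNS server offers recursion to the host running this script."""
import socket
import struct
import sys

AA, RD, RA = 0x0400, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                           # response code used when a query is denied

def build_query(name, qid=0x1234):
    """Encode an A/IN query for `name` with the recursion-desired bit set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def classify(response):
    """Return 'restricted', 'open' or 'inconclusive' for a raw DNS reply."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if (flags & 0x000F) == REFUSED or not (flags & RA):
        return "restricted"      # query refused, or recursion not offered to us
    if flags & AA:
        return "inconclusive"    # server is authoritative here; use an outside name
    # RA set and a non-authoritative answer came back: the server recursed for us
    return "open" if ancount else "inconclusive"

def probe(server, name="example.com", timeout=3.0):
    """Send the query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _addr = sock.recvfrom(512)
    return classify(data)

if __name__ == "__main__":
    # Usage: python check_recursion.py <address of your own DNS server>
    print(probe(sys.argv[1]))
```

A result of `inconclusive` usually means the query name falls inside a zone the server hosts; repeat the check with a name it is not authoritative for.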


