ACLs for a BIND Linux DNS server?

0

I am working on a BIND DNS server for DNS forwarding. I noticed that you can create an ACL to have trusted clients on the server. Can I configure the BIND server without an ACL, or is it necessary to use ACLs for the BIND server to function? I would like to use BIND without an ACL, if possible.

thecomputerguru

Posted 2019-10-01T03:01:09.970

Reputation: 329

Answers

2

Running a recursive nameserver opens you to multiple attacks if you do not restrict who can access it, hence ACLs.

Yes, some big organizations have open public nameservers. Do you, however, have the same knowledge and human power as they do to maintain your server?

Probably not, so your recursive nameserver should be configured, with ACLs, to deliver service only to the relevant local clients.

Patrick Mevzek

Posted 2019-10-01T03:01:09.970

Reputation: 1 334

Can I do an ACL for a specific IP address range? – thecomputerguru – 2019-10-07T19:10:24.950

1

Yes. Please see https://ftp.isc.org/isc/bind9/cur/9.15/doc/arm/Bv9ARM.ch05.html#acl_grammar for the full definition of the acl keyword grammar, and https://ftp.isc.org/isc/bind9/cur/9.15/doc/arm/Bv9ARM.ch05.html#address_match_lists for the precise definition of an address match list. Note the option "an IP prefix (in '/' notation)" among the possible values.

– Patrick Mevzek – 2019-10-07T19:19:26.587

Thank you for telling me about this! This was definitely what I was needing to know. Thank you for the advice for security on the BIND server. I'm demoing everything before I put it in a production environment. – thecomputerguru – 2019-10-07T20:03:12.450
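The setup discussed in the answer and comments above, as an added named.conf example that was not posted by either participant: a forwarding resolver whose recursion is limited to an ACL defined with IP prefixes. The ACL name `trusted`, the client ranges and the forwarder addresses are assumptions (private and documentation ranges), to be replaced with your own.

```conf
// Constructed example: every address below is a placeholder,
// not a value taken from the thread.

// Named ACL built from an address match list.
acl "trusted" {
    localhost;            // built-in ACL: this host's own addresses
    192.168.10.0/24;      // IPv4 prefix in '/' notation (assumed LAN range)
    2001:db8:10::/64;     // IPv6 prefix (documentation range)
};

options {
    // Recursion is required for a forwarding resolver, so limit
    // who may use it instead of leaving it open.
    recursion yes;
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Send all recursive lookups to the upstream resolvers.
    forwarders {
        192.0.2.53;       // placeholder upstream resolver
        198.51.100.53;    // placeholder upstream resolver
    };
    forward only;

    // Weak setting, shown only for comparison. This makes the
    // server an open resolver for anyone who can reach it:
    // allow-recursion { any; };
};
```

Run `named-checkconf` on the file to validate the syntax before reloading the server. From a host outside the `trusted` ranges, a recursive query should then come back with status REFUSED.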