You can control which networks/IPs can recursively access this nameserver by 'tweaking' the 'localnet' and 'remote-rec' ACLs

// /etc/named.conf
acl     localnet { 192.168.2.0/24; 127.0.0.1; };
acl     remote-rec { 1.2.3.4; };
options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    allow-recursion { localnet; remote-rec; };
};
// 
// a caching only nameserver config
// 
zone "." IN {
    type hint;
    file "caching-example/named.root";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

Comments