• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 210

How to bind the DNS service to a specific interface?

Is there a way to restrict the DNS server to only listen to specific IPs?
(e.g., 192.168.0.x)
Asked by leeal
1 Solution
 
swwelsh Commented:
DNS servers are generally listed in /etc/resolv.conf. See what you have listed there.
 
leeal (Author) Commented:
Ummm... I think you might have misunderstood my question.

I have set up a DNS server on my Linux machine and I want to keep it internal, i.e. only machines inside my network can request info from that server.
 
foxr Commented:
Yes... maybe. Go into linuxconf and look through the DNS options. You can limit DNS to a single domain; simply make sure that your entire internal net is a single domain (IP domain). This option is pretty straightforward in linuxconf.
 
leeal (Author) Commented:
Can't find anything useful.
 
ahoffmann Commented:
By "listen", do you mean it should only answer requests coming from those IPs?
 
leeal (Author) Commented:
Yes.
 
ahoffmann Commented:
See man hosts.access for how to restrict/allow access from special IPs, or use a simple firewall rule with ipfwadm (or ipchains).
 
leeal (Author) Commented:
hosts.allow/hosts.deny don't seem to work on the name server. I tried blocking all external hosts; it works on ftp/telnet/etc., but not on the name server.

I also tried:
  ipfwadm -I -a deny -S 0/0 53 -D 0/0 53 -W eth1
and it doesn't work.

Any suggestions?
 
j2 Commented:
ipchains -A input -s ! 192.168.0.0/24 -p TCP --destination-port 53 -j REJECT

(all on a single line; works great for me.) I think the problem above is that you can NOT assume a source port of 53, you can only assume a _destination_ port of 53.
 
leeal (Author) Commented:
You're right! It works with:
   ipfwadm -I -a deny -S 0/0 -D 0/0 53 -W eth1 -P udp
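To make the source-port point concrete, here is an added example (not code posted by anyone in this thread) that models the three rules quoted above as first-match filter rules and runs them against constructed packets. The interface names (eth1 external, eth0 internal), the addresses and the ephemeral ports are assumptions for illustration; the rule semantics follow the ipfwadm/ipchains options as written in the comments.

```python
"""Toy first-match packet filter: why a DNS block keyed on source port 53 fails.

Added example for this thread, not code posted by any participant. It models
the ipfwadm/ipchains rules quoted above as rules over (iface, proto, src,
sport, dst, dport) and evaluates them against constructed packets. Interface
names, addresses and ports are assumptions for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "deny" or "accept"
    iface: Optional[str] = None    # ipfwadm -W / ipchains -i; None = any
    proto: Optional[str] = None    # ipfwadm -P / ipchains -p; None = any
    src_net: str = "0.0.0.0/0"     # -S / -s
    src_negate: bool = False       # ipchains "-s ! net"
    sport: Optional[int] = None    # port given after -S; None = any
    dport: Optional[int] = None    # port given after -D / --destination-port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        if in_net == self.src_negate:          # "!" inverts the source match
            return False
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.sport is not None and pkt.sport != self.sport:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def verdict(rules: List[Rule], pkt: Packet, default: str = "accept") -> str:
    """First matching rule wins; an empty chain accepts (the thread's default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# "ipfwadm -I -a deny -S 0/0 53 -D 0/0 53 -W eth1": requires source AND
# destination port 53. Resolvers send from an ephemeral port, so it never matches.
BROKEN = [Rule("deny", iface="eth1", sport=53, dport=53)]

# "ipfwadm -I -a deny -S 0/0 -D 0/0 53 -W eth1 -P udp": any source port,
# destination port 53/udp, on the external interface only.
FIXED_UDP = [Rule("deny", iface="eth1", proto="udp", dport=53)]

# "ipchains -A input -s ! 192.168.0.0/24 -p TCP --destination-port 53 -j REJECT":
# TCP only; a matching "-p UDP" rule is needed for ordinary queries.
INTERNAL_ONLY_TCP = [Rule("deny", proto="tcp", src_net="192.168.0.0/24",
                          src_negate=True, dport=53)]

# Constructed traffic (documentation/private ranges, not real hosts).
EXT_UDP_QUERY = Packet("eth1", "udp", "203.0.113.7", 40123, "198.51.100.2", 53)
EXT_UDP_FROM_53 = Packet("eth1", "udp", "203.0.113.7", 53, "198.51.100.2", 53)
INT_UDP_QUERY = Packet("eth0", "udp", "192.168.0.20", 40123, "192.168.0.1", 53)
EXT_TCP_QUERY = Packet("eth1", "tcp", "203.0.113.7", 40124, "198.51.100.2", 53)
INT_TCP_QUERY = Packet("eth0", "tcp", "192.168.0.20", 40124, "192.168.0.1", 53)


def run_examples() -> dict:
    """Evaluate each quoted rule set against the constructed packets."""
    return {
        "broken_ext_query": verdict(BROKEN, EXT_UDP_QUERY),          # accept: the bug
        "broken_ext_from_53": verdict(BROKEN, EXT_UDP_FROM_53),      # deny: only this shape matches
        "fixed_ext_query": verdict(FIXED_UDP, EXT_UDP_QUERY),        # deny
        "fixed_int_query": verdict(FIXED_UDP, INT_UDP_QUERY),        # accept: arrived on eth0
        "chains_ext_tcp": verdict(INTERNAL_ONLY_TCP, EXT_TCP_QUERY), # deny
        "chains_int_tcp": verdict(INTERNAL_ONLY_TCP, INT_TCP_QUERY), # accept
        "chains_ext_udp": verdict(INTERNAL_ONLY_TCP, EXT_UDP_QUERY), # accept: UDP not covered
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(f"{name:20s} {result}")
```

Two caveats the simulation makes visible: the ipchains rule as posted covers only TCP, so an ordinary UDP query from outside still reaches the server until a second rule with -p UDP is added; and hosts.allow/hosts.deny had no effect because they only govern services that consult tcp_wrappers (inetd-spawned services or daemons linked with libwrap), which a stand-alone name server is not. If the server is BIND (an assumption; the thread never names it), the application-layer equivalents of these firewall rules are listen-on and allow-query in the options block of named.conf, which answer the title question directly and are worth setting alongside the packet filter.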
 
j2 Commented:
*iik* _NOW_ I noticed you were running ipfwadm and not ipchains. Guess I just used ipchains from force of habit. Sorry :)
 
leeal (Author) Commented:
No problem.
It's just a matter of modifying the syntax. :)
