How to bound the DNS service to a specific interface?

Is there a way to restrict the DNS server to only listen to specific IPs?
(eg, 192.168.0.x)
leealAsked:
swwelshCommented:
DNS servers are generally listed in /etc/resolv.conf - See what you have listed there
0
leealAuthor Commented:
ummm... I think you might have misunderstood my question.

I have set up a DNS server in my linux machine and I want to keep it internal. i.e. only machines inside my network can request info from that server.
0
foxrCommented:
Yes...maybe....  Go into linuxconf and look through the DNS options.  You can limit DNS to a single Domain. simply make sure that your entire internal net is a single domain (ip domain).  This option is pretty straightforward in linuxconf.
0
leealAuthor Commented:
can't find anything useful.
0
ahoffmannCommented:
by "listen", do you mean it should only answer requests coming from those IPs?
0
leealAuthor Commented:
yes.
0
ahoffmannCommented:
see man hosts.access how to restrict/allow access from special IPs, or use a simple firewall rule with ipfwadm (or ipchains).
0
leealAuthor Commented:
hosts.allow/hosts.deny doesn't seem to work on the name server. I tried blocking all external hosts, it works on ftp/telnet/etc, but not on the name server.

I also tried:
  ipfwadm -I -a deny -S 0/0 53 -D 0/0 53 -W eth1
and it doesn't work.

Any suggestions?
0
j2Commented:
ipchains -A input -s ! 192.168.0.0/24 -p TCP --destination-port 53 -j REJECT

(all on a single line, works great for me..) I think the problem above is that you can NOT assume a sourceport of 53, you can only assume a _destination_ port of 53.
0
leealAuthor Commented:
you're right! It works with:
   ipfwadm -I -a deny -S 0/0 -D 0/0 53 -W eth1 -P udp
0
j2Commented:
*iik* _NOW_ i noticed you were running ipfwadm and not ipchains. Guess i just used ipchains from force of habit. Sorry :)
0
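A consolidated version of the rules worked out in this thread, as an added example (not code posted by j2 or leeal): it emits the restriction for either ipchains or ipfwadm, covers both UDP and TCP (each rule in the thread covers only one), and includes a small check for the pinned-source-port mistake from the first attempt. It assumes eth1 is the external interface and 192.168.0.0/24 the internal network, as in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits the rules that keep the
# name server internal, for either tool discussed. Assumes eth1 is the
# external interface and 192.168.0.0/24 the internal network, as in the
# thread. Prints the rules; run as root with APPLY=1 to execute them.

# One rule per protocol: DNS uses UDP *and* TCP on port 53, and only the
# destination port is fixed. Client source ports are arbitrary, so a rule
# must never match on a source port of 53 (the first ipfwadm attempt did).
dns_restrict_rules() {
    tool="$1"   # ipchains or ipfwadm
    iface="$2"  # external interface, e.g. eth1
    net="$3"    # internal network allowed to query, e.g. 192.168.0.0/24
    for proto in udp tcp; do
        case "$tool" in
            ipchains)
                # Reject port-53 traffic arriving on $iface unless it comes from $net.
                echo "ipchains -A input -i $iface -p $proto -s ! $net --destination-port 53 -j REJECT"
                ;;
            ipfwadm)
                # ipfwadm cannot negate a source, so deny all port-53 traffic on the
                # external interface; internal clients arrive on another interface.
                echo "ipfwadm -I -a deny -S 0/0 -D 0/0 53 -W $iface -P $proto"
                ;;
            *) echo "unknown tool: $tool" >&2; return 1 ;;
        esac
    done
}

# Lint an existing rule for the thread's mistake: a pinned source port.
# Returns 0 when the source port is constrained, 1 when it is not.
source_port_pinned() {
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            --source-port) return 0 ;;
            -S|-s)
                shift
                if [ "${1:-}" = "!" ]; then shift; fi   # skip ipchains negation
                case "${2:-}" in [0-9]*) return 0 ;; esac   # numeric token = port
                ;;
        esac
        shift
    done
    return 1
}

dns_restrict_rules "${1:-ipchains}" eth1 192.168.0.0/24 | while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then eval "$rule"; else echo "$rule"; fi
done
```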
leealAuthor Commented:
no problem.
it's just a matter of modifying the syntax. :)
0