Djbdns

From GarrettHoneycutt

DNS ACLs

Dnscache has a very simple ACL mechanism. All that needs to be done is to touch, in the dnscache ip directory, a file named after each IP that should be able to access dnscache. With dnscache under /var/lib/dnscache/, the ACL list is found in /var/lib/dnscache/root/ip/.

This directory contains zero-byte files, each named after the IP, or the leading octets of the IPs, that should be allowed to access the dnscache service. The names can be 1, 2, 3, or 4 octets, and are simply matched against the start of the client's address. So:

  • 127.0.0.1 = localhost can access
  • 216.254.0 = all hosts in 216.254.0.0/24 can access
  • 172.16 = all hosts in 172.16.0.0/16 can access
  • 10 = all hosts in 10.0.0.0/8 can access

A typical directory might look like this:

# ls -l /var/lib/dnscache/root/ip/
total 0
-rw-r--r--    1 root     root            0 May 18 11:41 127.0.0.1
-rw-r--r--    1 root     root            0 May 18 11:41 5.4.1
-rw-r--r--    1 root     root            0 May 18 11:41 172.16
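
To check which entry, if any, admits a given client, the lookup described above can be modelled in a few lines of shell. This is an added example, not part of the original page or of djbdns itself; the function names (acl_match, acl_audit, demo_dir) are made up for illustration, and the demo directory is a constructed copy of the listing above.

```shell
#!/bin/sh
# acl_match DIR IP: print the entry that admits IP and return 0,
# or print nothing and return 1 if no entry matches.
acl_match() {
    dir=$1
    name=$2
    while :; do
        if [ -e "$dir/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
        case $name in
            *.*) name=${name%.*} ;;   # drop the last octet and retry
            *)   return 1 ;;          # no octets left: client is refused
        esac
    done
}

# acl_audit DIR: list entries of one or two octets (a /8 or /16),
# the broadest grants and the first ones to review.
acl_audit() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        n=${f##*/}
        case $n in
            *.*.*) ;;                 # three or four octets: /24 or one host
            *)     printf '%s\n' "$n" ;;
        esac
    done
}

# Constructed demo directory mirroring the listing on this page.
demo_dir() {
    d=$(mktemp -d)
    touch "$d/127.0.0.1" "$d/5.4.1" "$d/172.16"
    printf '%s\n' "$d"
}

d=$(demo_dir)
for ip in 172.16.9.20 5.4.1.77 5.4.10.1 172.160.0.1; do
    acl_match "$d" "$ip" >/dev/null && echo "$ip allowed" || echo "$ip refused"
done
rm -rf "$d"
```

Matching is per whole octet, so the entry 172.16 does not admit 172.160.0.1, and 5.4.1 does not admit 5.4.10.1.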