.. _mod-queryacl:

``queryacl`` — Limit queries by remote address or target interface
==================================================================

This module provides a simple way to whitelist incoming queries
according to the query's source address or target interface.
It can be used e.g. to create a restricted-access subzone with delegations from the corresponding public zone.
The module may be enabled both globally and per-zone.

.. NOTE::
   The module limits only regular queries. Notify, transfer and update are handled by :ref:`ACL<ACL>`.

Example
-------

::

   mod-queryacl:
     - id: default
       address: [192.0.2.73-192.0.2.90, 203.0.113.0/24]
       interface: 198.51.100

   zone:
     - domain: example.com
       module: mod-queryacl/default

Module reference
----------------

::

   mod-queryacl:
     - id: STR
       address: ADDR[/INT] | ADDR-ADDR ...
       interface: ADDR[/INT] | ADDR-ADDR ...

.. _mod-queryacl_id:

id
..

A module identifier.

.. _mod-queryacl_address:

address
.......

A list of allowed ranges and/or subnets for the query's source address. If the query's address does not fall into any
of the configured ranges, the NOTAUTH rcode is returned.

.. _mod-queryacl_interface:

interface
.........

A list of allowed ranges and/or subnets for the query's target interface. If the interface does not fall into any
of the configured ranges, the NOTAUTH rcode is returned. Note that every interface used has to be configured in :ref:`listen<server_listen>`.

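To check which queries a given ``address`` / ``interface`` configuration would admit before deploying it, the matching described above can be modelled offline. This is an added example, not the module's own code; the function names, the ``198.51.100.1`` interface value and the probe addresses are constructed, and it assumes that an option left unset places no restriction.

```python
import ipaddress

def parse_rule(text):
    """Turn 'ADDR', 'ADDR/INT' or 'ADDR-ADDR' into an inclusive (low, high) pair."""
    text = text.strip()
    if "-" in text:
        low, high = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if low.version != high.version or low > high:
            raise ValueError(f"bad range: {text}")
        return low, high
    # A bare address becomes a single-host network (/32 or /128).
    net = ipaddress.ip_network(text, strict=False)
    return net.network_address, net.broadcast_address

def matches(addr, rules):
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in rules)

def evaluate(acl, source, interface):
    """Return 'NOTAUTH' or 'PASS' for one regular query."""
    for option, value in (("address", source), ("interface", interface)):
        rules = [parse_rule(r) for r in acl.get(option, [])]
        # Assumption: an option that is not set places no restriction.
        if rules and not matches(value, rules):
            return "NOTAUTH"
    return "PASS"

# Constructed ACL: address list from the example above, interface value made up.
ACL = {
    "address": ["192.0.2.73-192.0.2.90", "203.0.113.0/24"],
    "interface": ["198.51.100.1"],
}

# Constructed probes: (source address, interface the query arrived on).
PROBES = [
    ("192.0.2.80", "198.51.100.1"),
    ("192.0.2.91", "198.51.100.1"),
    ("203.0.113.200", "198.51.100.1"),
    ("203.0.113.200", "198.51.100.2"),
    ("2001:db8::1", "198.51.100.1"),
]

def audit(acl, probes):
    return [(src, ifc, evaluate(acl, src, ifc)) for src, ifc in probes]

if __name__ == "__main__":
    for src, ifc, verdict in audit(ACL, PROBES):
        print(f"{src:>15} -> {ifc:<13} {verdict}")
```

The second and fifth probes show the two cases most often missed in review: an address one past the end of an ``ADDR-ADDR`` range, and an IPv6 source when only IPv4 ranges are listed.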