Restrict authoritative queries to internal networks
Mirrors the puppet authoritative master-zones view (match-clients
acl-main.unkin.net) using a global allow-query instead of a view, since
dynamic primary zones in a view would need per-view allow-new-zones.
- add auth-acl-main BindACL (the puppet acl-main.unkin.net networks)
- allow-query { auth-acl-main; 10.42.0.0/16; } on bind-authoritative
(pod net included so secondaries can SOA-refresh from the primary)
This commit is contained in:
@@ -6,3 +6,4 @@ resources:
|
||||
- cluster.yaml
|
||||
- tsigkey.yaml
|
||||
- zones.yaml
|
||||
- acls.yaml
|
||||
|
||||
Reference in New Issue
Block a user