The option in named.conf that specifies which hosts are permitted to ask for domain name information from the server is allow-query. The allow-query option is used to define an access control list (ACL) that matches the source IP address of the DNS query. The ACL can be a list of IP addresses, networks, keywords, or predefined ACL names. The default value of allow-query is any, which means that any host can query the server. However, this can pose a security risk, as the server may be exposed to unwanted or malicious queries. Therefore, it is recommended to restrict the allow-query option to only the hosts that need to access the server, such as the local network or trusted clients. For example, the following option allows only the hosts in the 192.168.1.0/24 network and the localhost to query the server:
allow-query { 192.168.1.0/24; localhost; };
The other options are not valid in named.conf. allowed-hosts, accept-query, permit-query, and query-group are not recognized keywords by BIND.
References:
LPIC-2 exam 202 objectives, topic 208.1, “Implementing a web server”
BIND 9 Administrator Reference Manual, chapter 6, “Access Control Lists and TSIG”
How to Configure DNS Server with TSIG on CentOS 8
