Exam 202-450 Topic 2 Question 67 Discussion
Actual exam question for Lpi's 202-450 exam
Question #: 67
Topic #: 2
Question #: 67
Topic #: 2
Which option in named.conf specifies which host are permitted to ask for domain name information from the server?
Suggested Answer: D Vote an answer
Explanation
The option in named.conf that specifies which hosts are permitted to ask for domain name information from the server is allow-query. The allow-query option is used to define an access control list (ACL) that matches the source IP address of the DNS query. The ACL can be a list of IP addresses, networks, keywords, or predefined ACL names. The default value of allow-query is any, which means that any host can query the server. However, this can pose a security risk, as the server may be exposed to unwanted or malicious queries.
Therefore, it is recommended to restrict the allow-query option to only the hosts that need to access the server, such as the local network or trusted clients. For example, the following option allows only the hosts in the
192.168.1.0/24 network and the localhost to query the server:
allow-query { 192.168.1.0/24; localhost; };
The other options are not valid in named.conf. allowed-hosts, accept-query, permit-query, and query-group are not recognized keywords by BIND.
References:
LPIC-2 exam 202 objectives, topic 208.1, "Implementing a web server"
BIND 9 Administrator Reference Manual, chapter 6, "Access Control Lists and TSIG" How to Configure DNS Server with TSIG on CentOS 8
The option in named.conf that specifies which hosts are permitted to ask for domain name information from the server is allow-query. The allow-query option is used to define an access control list (ACL) that matches the source IP address of the DNS query. The ACL can be a list of IP addresses, networks, keywords, or predefined ACL names. The default value of allow-query is any, which means that any host can query the server. However, this can pose a security risk, as the server may be exposed to unwanted or malicious queries.
Therefore, it is recommended to restrict the allow-query option to only the hosts that need to access the server, such as the local network or trusted clients. For example, the following option allows only the hosts in the
192.168.1.0/24 network and the localhost to query the server:
allow-query { 192.168.1.0/24; localhost; };
The other options are not valid in named.conf. allowed-hosts, accept-query, permit-query, and query-group are not recognized keywords by BIND.
References:
LPIC-2 exam 202 objectives, topic 208.1, "Implementing a web server"
BIND 9 Administrator Reference Manual, chapter 6, "Access Control Lists and TSIG" How to Configure DNS Server with TSIG on CentOS 8
by Milo at Jun 25, 2026, 11:42 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).