{"description": "Is it possible to run external and internal nameservers on\nseparate systems? If so, follow the configuration guidance in this section. On\nthe external nameserver, edit <tt>/etc/named.conf</tt> to add or correct the\nfollowing directives:\n<pre>options {\n  allow-query { any; };\n  recursion no;\n  ...\n};\nzone \"example.com \" IN {\n  ...\n};</pre>\nOn the internal nameserver, edit <tt>/etc/named.conf</tt>. Add or correct the\nfollowing directives, where SUBNET is the numerical IP representation of your\norganization in the form xxx.xxx.xxx.xxx/xx:\n<pre>acl internal {\n  SUBNET ;\n  localhost;\n};\noptions {\n  allow-query { internal; };\n  ...\n};\nzone \"internal.example.com \" IN {\n  ...\n};</pre>", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Run Separate DNS Servers for External and Internal Queries", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dns/dns_server_protection/dns_server_separate_internal_external/group.yml"}