BIND 8.x, security, and delegations

Cricket Liu cricket at acmebw.com
Tue Jun 15 15:02:08 UTC 1999


Gregg TeHennepe <gat at jax.org> wrote in message
news:<37664644.A26A52B0 at jax.org>...
> > Actually, I would think your name server wouldn't be returning the
referral,
> > since the original query was denied.
>
> Ack! This means the query will fail?! Now I'm confused again... if this is
the
> case, does it mean I can't configure my servers securely and still
delegate
> the domain as described? Do my servers have to be secondarys for the
> delegated domain so that they can look up the A record?

Hmm.  Well, I thought this would be the case, since the query the name
server received was outside of the zone, and hence covered by the global
allow-query access list, but I set this up here and the parent name server
seems to send the referral anyway.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend our next DNS and BIND class!  See
www.acmebw.com/training.htm for the
schedule and to register for upcoming
classes.



More information about the bind-users mailing list