Doh: Lame server on '' (in ''?), plus some security stuff.

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 21 20:23:06 UTC 2000


Lincoln Yeoh wrote:

> On 21 Mar 2000 10:26:15 -0800, Barry Margolin <barmar at bbnplanet.com> wrote:
>
> >Since you're not hooked up to the Internet, you're not able to get the
> >authoritative list of root servers from one of the root servers, so they
> >all seem lame.
>
> Ah. Well our darn Cisco 1601 power supply went poof [1] :(. That's lame too
> ;).
>
> Would that be a FAQ? Or most people have working Net connections :).
>
> >Because the code that displays domain names always leaves off the last "."
> >in the fully-qualified name.  When you do that with the "." domain, you get
> >"".  The code should probably check for this special case and display '.',
> >but it doesn't.
>
> I'd rather they just leave the trailing '.' in, but that's me wanting to
> see everything, warts and all, but I guess certain apps may not like it.
>
> >>with forwarder set to the External server. But how do I only allow
> >>recursive queries by internals and at the same time prevent recursive
> >>queries by outsiders?
> >
> >Like I said above, the "allow-recursion" option.
>
> Thanks! How'd I miss that option.. Doh :).
>
> Whilst there I also saw allow-query in a new light...
> Now gonna restrict allow-query (only let outsiders ask about my public
> domains, and not others).

I don't understand what you're trying to do here. Are you going to block your
*inside* users from asking about your public domains? If a public domain is a
"shadow" of an internal domain, this is not an issue if you configure your
internal servers properly so that they'll never be forwarding queries for that
domain. Conversely, if the public domain is completely separate from any
internal domain, then you'd probably want your internal clients to be able to
see it.


- Kevin
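
A named.conf example of the access controls discussed in this thread, added here and not taken from any poster's configuration: `allow-recursion` limits recursive service to internal clients, and a zone-level `allow-query` opens only the public zone to outsiders without shutting internal users out of it. The ACL name, address range, directory, zone name and file name are assumptions.

```conf
// Constructed example; names, networks and paths are placeholders.
acl "internal" {
    127.0.0.1;
    10.0.0.0/8;                     // assumed internal address range
};

options {
    directory "/var/named";         // assumed path
    // Recursive service (cache lookups, forwarding) for internal clients only.
    allow-recursion { "internal"; };
    // Default for every zone without its own allow-query: internal clients only.
    allow-query { "internal"; };
};

// Public zone: the zone-level allow-query overrides the options default,
// so outsiders can ask about this zone and nothing else. Internal clients
// also match "any", so they can still see it.
zone "example.com" {
    type master;
    file "db.example.com";          // assumed file name
    allow-query { any; };
};
```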



