Plethora of logged messages started up
Barry Margolin
barmar at genuity.net
Thu Dec 20 15:39:53 UTC 2001
In article <9vrg2r$re0 at pub3.rc.vix.com>, Robert Gahl <bgahl at bawcsa.org> wrote:
>The way my rules were set up, zones I had defined were allowed to be
>queried and zones I had not defined (usually assumed to be something I'm
>not responsible for) were rejected.
>
>Why all the log denials? Because a reverse delegation got turned on while I
>was on vacation and I was rejecting the lookups for that data.
You could probably simplify things quite a bit if you switched from using
"allow-query" to "allow-recursion". Queries for zones you're authoritative
for should be non-recursive, while queries from client resolvers will be
recursive. So you should allow recursion from trusted hosts, and allow
other queries from anywhere.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
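
The change suggested in the reply above, sketched as named.conf fragments. This is an added example, not configuration from either poster. The "before" layout is an assumption about how the original rules were written, and the ACL name, addresses, zone name and file name are placeholders.

```conf
// Constructed example. The two variants are alternatives:
// a real named.conf carries only one options block.

acl trusted { localhost; 192.0.2.0/24; };

// --- Before (assumed layout) ---
// Queries are refused by default and re-opened zone by zone.
// A zone that gets delegated to this server before it is configured
// here falls under the default, so every lookup for it is denied
// and logged.
options {
    allow-query { trusted; };
};
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
};

// --- After ---
// Non-recursive queries are accepted from anywhere.
// Recursion, which is what client resolvers ask for, is limited
// to the trusted hosts, so outsiders still cannot use the server
// as their resolver.
options {
    allow-query { any; };
    allow-recursion { trusted; };
};
zone "example.com" {
    type master;
    file "db.example.com";
};
```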