Selectively Allowing Recursive Query

David Botham dns at botham.net
Tue Dec 3 14:23:55 UTC 2002




> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Tai_Nguyen at infonet.com
> Sent: Monday, December 02, 2002 7:18 PM
> To: Cricket Liu
> Cc: bind-users at isc.org; bind-users-bounce at isc.org
> Subject: Re: Selectively Allowing Recursive Query
> 
> 
> 
> Thanks, Cricket.
> 
> I configured views but it appeared to be hung when I tried to reload
so I
> don't

Look in the log file and see what errors are being generated.  Post them
here.

> know if it works by doing this way or not.
> 
> view "recursiable" {
>         match-clients { any; };
>         recursion yes;
>         zone "west.info.local" {
>         type master;
>         file "n.db.west.info.local";
>         };
> };
> 
> view "nonrecursiable" {
>         recursion no;

By not specifying a match list here, it is the equivalent of:
	Match-clients { any; }; 

which is the same as the first view.  I am thinking this omission is not
intentional?  

Dave...


>         zone "." {
>         type master;
>         file "n.db.root";
> };
> 
>         zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "rev.127.0.0";
> };
> 
>         zone "info.local" {
>         type master;
>         file "n.db.info.local";
> };
> 
> };
> 
> 
> 
>                       "Cricket Liu"
>                       <cricket at menandmi        To:       <bind-
> users at isc.org>
>                       ce.com>                  cc:
>                       Sent by:                 Subject:  Re:
Selectively
> Allowing Recursive Query
>                       bind-users-bounce
>                       @isc.org
> 
> 
>                       12/02/02 03:54 PM
> 
> 
> 
> 
> 
> 
> 
> Tai_Nguyen at infonet.com wrote:
> > Our server is hosting multiple domains. We would like to know is
> > there any way we can allow recursive queries on some domains and
> > block recursive queries on the rest.
> 
> You can only restrict access to recursion by IP address.  Use
> the allow-recursion options substatement, e.g.,
> 
> options {
>     allow-recursion { 10/8; };
> };
> 
> cricket
> 
> Men & Mice
> DNS Software, Training and Consulting
> www.menandmice.com
> 
> The DNS and BIND Cookbook, now available!
> http://www.oreilly.com/catalog/dnsbindckbk/
> 
> 
> 
> 
> 




More information about the bind-users mailing list