CNAMEs pointing to outside domains

Mark_Andrews at Mark_Andrews at
Tue Jun 18 01:37:10 UTC 2002

> I am running Bind 9.2.1 and attempting to limit the hosts that can query my
> DNS server with the allow-query and allow-recursion options in named.conf.
> When I restrict these options to a list of trusted networks, from a host
> outside the list of trusted networks I am unable to look up CNAMEs that refer
> to hosts that are part of domains not local to my DNS server.
> For example, for the record:
>    IN    CNAME
> Lookups on fail with a 'Query denied' error when queried
> via nslookup from a host outside of the list of trusted networks for my DNS
> server.
> When I set allow-query to 'any' and restrict recursion to a list of trusted
> networks with the allow-recursion option a nslookup of
> from a host outside the list of trusted networks returns the list of root
> DNS servers.
> Is it possible to configure Bind 9.2.1 to allow queries for CNAMEs that refer to
> non-local domains and still restrict queries and recursive queries for other
> domains and records?
> --Vincent

	I suggest that you test with a non-recursive query which is what
	nameservers performing iterative resolution do.

Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at
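
What a non-recursive query looks like on the wire, and how the reply header distinguishes a refusal, an authoritative answer and a referral, as an added example that is not part of the original post. The sample reply headers are constructed, and the optional live query assumes a server address and name that you supply.

```python
import socket, struct, sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, recurse=False, qid=0x1234):
    """Encode a DNS query. recurse=False clears RD, as an iterative resolver does."""
    flags = 0x0100 if recurse else 0x0000          # RD is bit 0x0100 of the flags word
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def classify(response):
    """Read the 12-byte header of a reply and say what kind of reply it is."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!6H", response[:12])
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    aa = bool(flags & 0x0400)                      # authoritative answer bit
    if rcode == "REFUSED":
        verdict = "refused"
    elif rcode == "NOERROR" and aa and an > 0:
        verdict = "authoritative answer"
    elif rcode == "NOERROR" and not aa and an == 0 and ns > 0:
        verdict = "referral"
    else:
        verdict = "other"
    return {"rcode": rcode, "aa": aa, "answers": an, "authority": ns, "verdict": verdict}

def ask(server, name, recurse=False, timeout=3.0):
    """Send one UDP query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, recurse=recurse), (server, 53))
        return classify(s.recv(4096))

# Constructed reply headers (header only, no records), not captured traffic.
SAMPLES = {
    "refused": struct.pack("!6H", 0x1234, 0x8005, 1, 0, 0, 0),
    "authoritative CNAME": struct.pack("!6H", 0x1234, 0x8400, 1, 1, 1, 0),
    "referral to other servers": struct.pack("!6H", 0x1234, 0x8000, 1, 0, 13, 13),
}

if __name__ == "__main__":
    if len(sys.argv) == 3:                         # usage: script.py SERVER NAME
        print(ask(sys.argv[1], sys.argv[2]))
    else:
        for label, header in SAMPLES.items():
            print(label, "->", classify(header))
```

Run with a server address and a name to send the same RD=0 query to your own server; nslookup sets RD by default, so its results reflect the recursion ACL as well as the query ACL.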
