Stealth Slave used in forwarders list.. workable or not ??
kcd at daimlerchrysler.com
Wed Oct 23 20:56:21 UTC 2002
Cricket Liu wrote:
> Theo C wrote:
> > I'm setting up our external DNS servers not to allow recursion..
> > (either from internal or external machines.) I'm also setting up
> > Stealth Secondaries that will allow recursion from internal machines.
> > Our internal servers will be authoritative for internal domains and
> > forward all Internet queries to the external stealth secondaries.
> > Q:Will this work? (I know that a stealth secondary usually only serves
> > resolvers, but does it differentiate between a resolver request and a
> > Name server request?
> No, it has no way of doing that. They just look like recursive queries.
Well, one could enumerate all of the internal servers in an allow-recursion
statement, but that's not very maintainable...
More information about the bind-users