Stealth Slave used in forwarders list.. workable or not ??

Kevin Darcy kcd at
Wed Oct 23 20:56:21 UTC 2002

Cricket Liu wrote:

> Theo C wrote:
> > I'm setting up our external DNS servers not to allow recursion..
> > (either from internal or external machines.) I'm also setting up
> > Stealth Secondaries that will allow recursion from internal machines.
> > Our internal servers will be authoritative for internal domains and
> > forward all Internet queries to the external stealth secondaries.
> >
> > Q:Will this work? (I know that a stealth secondary usually only serves
> > resolvers, but does it differentiate between a resolver request and a
> > Name server request?
> No, it has no way of doing that.  They just look like recursive queries.

Well, one could enumerate all of the internal servers in an allow-recursion
statement, but that's not very maintainable...

- Kevin

More information about the bind-users mailing list