Stealth Slave used in forwarders list.. workable or not ??
Cricket Liu
cricket at menandmice.com
Wed Oct 23 21:07:56 UTC 2002
Kevin Darcy wrote:
> Cricket Liu wrote:
>
>> Theo C wrote:
>>> I'm setting up our external DNS servers not to allow recursion..
>>> (either from internal or external machines.) I'm also setting up
>>> Stealth Secondaries that will allow recursion from internal
>>> machines. Our internal servers will be authoritative for internal
>>> domains and forward all Internet queries to the external stealth
>>> secondaries.
>>>
>>> Q:Will this work? (I know that a stealth secondary usually only
>>> serves resolvers, but does it differentiate between a resolver
>>> request and a Name server request?
>>
>> No, it has no way of doing that. They just look like recursive
>> queries.
>
> Well, one could enumerate all of the internal servers in an
> allow-recursion statement, but that's not very maintainable...
Actually, the question I was answering was, "Can a name server
tell whether a query comes from a resolver or a name server?"
cricket
Men & Mice
DNS Software, Training and Consulting
www.menandmice.com
The DNS and BIND Cookbook, now available!
http://www.oreilly.com/catalog/dnsbindckbk/
More information about the bind-users
mailing list