Stealth Slave used in forwarders list.. workable or not ??

Cricket Liu cricket at menandmice.com
Wed Oct 23 21:07:56 UTC 2002


Kevin Darcy wrote:
> Cricket Liu wrote:
> 
>> Theo C wrote:
>>> I'm setting up our external DNS servers not to allow recursion..
>>> (either from internal or external machines.) I'm also setting up
>>> Stealth Secondaries that will allow recursion from internal
>>> machines. Our internal servers will be authoritative for internal
>>> domains and forward all Internet queries to the external stealth
>>> secondaries. 
>>> 
>>> Q:Will this work? (I know that a stealth secondary usually only
>>> serves resolvers, but does it differentiate between a resolver
>>> request and a Name server request?
>> 
>> No, it has no way of doing that.  They just look like recursive
>> queries. 
> 
> Well, one could enumerate all of the internal servers in an
> allow-recursion statement, but that's not very maintainable...

Actually, the question I was answering was, "Can a name server
tell whether a query comes from a resolver or a name server?"

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, now available!
http://www.oreilly.com/catalog/dnsbindckbk/



More information about the bind-users mailing list