allow-recursion for internal hosts resolves cached queries for externals.

oliver bril oliver_bril at hotmail.com
Wed Oct 15 08:51:19 UTC 2003


My problem is the following.

I'm running BIND 9.2.2 and want to use the allow-recursion option for
all our internal domains. Externals may only query domains for which
I'm primary.

My named.conf contains the following statements (I left a lot out of
it because it doesn't matter, and I xxxx'd my IP addresses):


acl "internal" {
     xxxx.xxxx.xxxx.104; xxxx.xxxx.xxxx.97;
};

options {
         allow-recursion { "internal"; };
};

Everything seemed fine. When I do a query from host xxxx.xxxx.xxxx.104
everything is resolved. When I do a query from a host not defined in
the acl "internal" list I can only resolve the domains which I am
primary for.
So far so good.

Here is the problem: 

When an "internal" host resolves, for instance, hotmail.com, this is
cached by BIND. When I resolve hotmail.com on an external host (not
defined in the acl) it also resolves hotmail (I think because it's in
its cache).

When I flush my cache and do the query from an external host to
hotmail again, it just says you should go to the root servers (which is
good).

Isn't this a bug, because as far as I understand the function shouldn't
allow external hosts to resolve hotmail.com (not even when it is in
the DNS server's cache)?

Hope someone can help me on this one.

Kind regards, 

Oliver Bril
Oliver_Bril at hotmail.com
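
Added example, not part of the original message: in BIND 9.2, allow-recursion only decides who may trigger recursion, while answers already in the cache are served to anyone permitted by allow-query. The fragment below shows one way to close that gap; the 192.0.2.x addresses, the zone name example.com and the zone file name are placeholders assumed for illustration.

```conf
// Placeholder addresses standing in for the redacted internal hosts.
acl "internal" {
    192.0.2.104; 192.0.2.97;
};

options {
    // Who may cause the server to recurse on their behalf.
    // On its own this does NOT stop other clients from reading
    // answers that an internal host has already put in the cache.
    allow-recursion { "internal"; };

    // Server-wide default for who may query at all. With this set,
    // a query from a non-internal client for a name outside the
    // server's own zones is refused, cached or not.
    allow-query { "internal"; };

    // BIND 9.4 and later also offer allow-query-cache for the same
    // purpose; it is not available in 9.2.2.
};

// Hypothetical zone for which this server is primary. The zone-level
// allow-query overrides the restrictive default above, so external
// clients can still resolve the authoritative data.
zone "example.com" {
    type master;
    file "example.com.db";
    allow-query { any; };
};

// Check from a host outside the "internal" acl, after an internal
// host has resolved the name so that it is cached:
//   dig @<server> hotmail.com A +norecurse
// Expected: status REFUSED and no answer section.
// Queries for names under example.com should still be answered.
```

Every zone the server is primary for needs its own allow-query { any; }; statement, otherwise it inherits the restrictive default and external clients lose access to it.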

