recursive queries for subdomains
Kevin Darcy
kcd at daimlerchrysler.com
Thu Dec 9 23:35:31 UTC 2004
saruman7 wrote:
>We are trying to set up bind so that our company's external facing dns
>servers will do recursive lookups to internal subdomains that have
>their own dns servers that are not world accessible, but we do not want
>the external dns servers to be able to do recursive lookups for other
>domains (i.e. yahoo.com, cnn.com, etc.). Can someone tell me how to set
>up recursive lookups in this manner?
>
>Currently our external dns servers have all recursion turned off with
>this setting in the named.conf file:
>
>allow-recursion { none; };
>
Looks like named.conf's syntax doesn't allow a per-zone
"allow-recursion". Pity. If that were possible, you could define the
subdomains (hopefully you mean sub*zone*s, since BIND is not nearly
granular enough to apply access control to undelegated subdomains) as
"type stub" and then just override the allow-recursion default.

In the absence of that, you don't have any really good choices. You
could, of course, make your external server a slave for those subzones,
but then you have to deal with the zone-transfer overhead...
- Kevin
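
The slave-zone alternative mentioned in the reply above, sketched as an added example that is not part of the original post or the posters' own configuration. The zone name `internal.example.com`, the file path and the addresses (192.0.2.10 for the internal master, 198.51.100.53 for the external server) are placeholders.

```conf
// --- named.conf on the external server (198.51.100.53, placeholder) ---
options {
    // Unchanged from the original setup: no recursion for anyone,
    // so names like yahoo.com are never resolved on behalf of clients.
    allow-recursion { none; };
};

// The external server holds its own copy of the subzone and answers
// for it authoritatively, so no recursion is needed to serve it.
zone "internal.example.com" {
    type slave;
    masters { 192.0.2.10; };              // internal master (placeholder)
    file "slaves/internal.example.com";   // local copy of the zone
    allow-transfer { none; };             // do not re-export the zone
};

// --- named.conf on the internal master (192.0.2.10, placeholder) ---
zone "internal.example.com" {
    type master;
    file "master/internal.example.com";
    // Only the external slave may pull the zone; this is the
    // zone-transfer overhead the reply refers to.
    allow-transfer { 198.51.100.53; };
    also-notify { 198.51.100.53; };       // push change notifications
};
```

Every record in the transferred subzone becomes answerable from the Internet, so the subzone should contain only names that are meant to be public.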