Disable recursion externally, allow internally
Robert Zilbauer
zilbauer at slappy.org
Thu Apr 27 16:30:38 UTC 2006
On Thursday 27 April 2006 03:26 am, milney_boy wrote:
> This appears to work as a query from another server appears to not
> return a recursive result, whereas a local nslookup does resolve.
> However, as I have listed my domains in the "external" view so that
> they will be resolved correctly on the internet, it appears that they
> no longer resolve from an internal query.
>
> I don't want to have to list all my domains twice; once in the
> internal, once in the external though. I also think it is causing
> problems with nsupdate as i get a message ";;connection timed out. no
> servers could be reached" when trying to update one of the domains
> listed in the "external" view (i have specified allow-update{ any;
> };).
Rather than list all your zones twice, you could put them all in a
separate file and just include that file in both views.
For example, put your zones in a file called "zone-definitions" and then
add:
include "/path/to/zone-definitions";
In both your external and internal views.
That did the trick for me, at least. We don't have any dynamic updates
so I can't say this'll be a magic bullet for that issue, but I think
it'd at least be a step in the right direction.
--
The Sun, with all the planets revolving around it, and
depending on it, can still ripen a bunch of grapes as though
it had nothing else in the Universe to do.
-- Galileo Galilei, 1564 - 1642
More information about the bind-users
mailing list