Disable recursion externally, allow internally

Robert Zilbauer zilbauer at slappy.org
Thu Apr 27 16:30:38 UTC 2006


On Thursday 27 April 2006 03:26 am, milney_boy wrote:
> This appears to work as a query from another server appears to not
> return a recursive result, whereas a local nslookup does resolve.
> However, as I have listed my domains in the "external" view so that
> they will be resolved correctly on the internet, it appears that they
> no longer resolve from an internal query.
>
> I don't want to have to list all my domains twice; once in the
> internal, once in the external though.  I also think it is causing
> problems with nsupdate as i get a message ";;connection timed out. no
> servers could be reached" when trying to update one of the domains
> listed in the "external" view (i have specified allow-update{ any;
> };).

Rather than list all your zones twice, you could put them all in a 
separate file and just include that file in both views.

For example, put your zones in a file called "zone-definitions" and then 
add:

  include "/path/to/zone-definitions";

In both your external and internal views. 

That did the trick for me, at least. We don't have any dynamic updates 
so I can't say this'll be a magic bullet for that issue, but I think 
it'd at least be a step in the right direction.

-- 
The Sun,  with all  the planets  revolving  around  it,  and 
depending on it, can still ripen a bunch of grapes as though 
it had nothing else in the Universe to do.
                             -- Galileo Galilei, 1564 - 1642



More information about the bind-users mailing list