allow-resursion stuff

Mark Andrews Mark_Andrews at isc.org
Wed Jun 7 21:33:26 UTC 2006


> Hi All,
> 
> The allow-recursion { trusted; }; is very nice.
> However, isn't it true to when you haven't also got
> allow-query { trusted; }; there is still an issue with just
> allow-recursion? For example, suppose that somebody within the trusted range
> did a query on yahoo.com, it'll be cached. Suppose that allow-query isn't set
> and an external client does a query on yahoo.com he'll get a response because
> the answer is still in the cache? Meaning that external clients can query
> the specified domains which are defined in named.conf but also what is in
> cache? I guess this issue will be addressed in bind 9.4.0 with
> "allow-query-cache" ?

	You can achieve the same effect in earlier versions.  You just have
	allow-query { any; }; in every zone.

> Bye,
> 
> Mipam.
> 
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list