Nick.Allum at rci.rogers.com
Thu Nov 16 15:23:51 UTC 2006
Do you know how you would go about locking down your advertisitng DNS
Servers by turning recursion off but still allowing some CNAME's to
resolve to other external non authorative.
For example you are advertising the domain
In the zone file it contains
Test IN A 126.96.36.199
More IN A 188.8.131.52
Again IN A 184.108.40.206
Out IN CNAME somexternal.domain.com.
Nice IN A 220.127.116.11
Outside IN CNAME yahooos.yahoo.com.
The hostname outside.hello.com. Will not resolve as my servers is non
recursive, also out.hello.com. Will also not resolve. How would I be
able to work around this situation in order to protect my dns server
from performing recursive lookups to the rest of the world.
More information about the bind-users