query vs. recursion?

Dan Mahoney, System Admin danm at prime.gushi.org
Tue Jan 9 21:11:21 UTC 2007

On Wed, 10 Jan 2007, Mark Andrews wrote:
The basic premise, I'd say, is that "allow query" is best thought of for 
use on zones you host locally (in your named.conf), but that "allow 
recursion" is for things that are not.

Of course, Mark brings up the excellent point I hadn't realized, that 
allow-query would allow people to see data (in cache) that is NOT hosted 
locally, but was put there by someone else who WAS within allow-recursion.

Is there a setting for allow-query on cache data versus authoritative 
data, Mark?


>> What is the difference between the two in the named.conf file?
>> allow-query     { any; };
>> allow-recursion  { ourip; };
> 	The above would allow ourip to populate the cache but anyone
> 	to see it.  It also sets the default allow-query for zones to
> 	"any;".
> 	One says who can query.
> 	The other says who can recurse.
>> Thanks,
>> Kris


"Of course she's gonna be upset!  You're dealing with a woman here Dan,
what the hell's wrong with you?"

-S. Kennedy, 11/11/01

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org

More information about the bind-users mailing list