query vs. recursion?
Mark Andrews
Mark_Andrews at isc.org
Tue Jan 9 22:58:38 UTC 2007
> On Wed, 10 Jan 2007, Mark Andrews wrote:
> The basic premise, I'd say, is that "allow query" is best thought of for
> use on zones you host locally (in your named.conf), but that "allow
> recursion" is for things that are not.
>
> Of course, Mark brings up the excellent point I hadn't realized, that
> allow-query would allow people to see data (in cache) that is NOT hosted
> locally, but was put there by someone else who WAS within allow-recursion.
>
> Is there a setting for allow-query on cache data versus authoritative
> data, Mark?
9.4.0 has allow-query cache. Prior to 9.4 you need to set
allow-query on each zone if you don't want the cache visible
and still leave the zones visible.
> -Dan
>
>
> >
> >> What is the difference between the two in the named.conf file?
> >>
> >>
> >> allow-query { any; };
> >> allow-recursion { ourip; };
> >
> >
> > The above would allow ourip to populate the cache but anyone
> > to see it. It also sets the default allow-query for zones to
> > "any;".
> >
> > One says who can query.
> > The other says who can recurse.
> >
> >
> >
> >> Thanks,
> >>
> >> Kris
> >>
> >>
> >>
> >
>
> --
>
> "Of course she's gonna be upset! You're dealing with a woman here Dan,
> what the hell's wrong with you?"
>
> -S. Kennedy, 11/11/01
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
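
Added example, not part of the original message: a named.conf sketch of the two ways described above to keep cached data private while leaving hosted zones publicly queryable. The option is written `allow-query-cache` in named.conf; the `ourip` ACL contents, the zone name and the file name are constructed placeholders.

```conf
// Constructed sample values: 192.0.2.0/24 and example.com are placeholders.
acl "ourip" { 192.0.2.0/24; };

// --- Variant A: BIND 9.4.0 and later ---
options {
    allow-query       { any; };    // default for zones: anyone may query them
    allow-recursion   { ourip; };  // only ourip may populate the cache
    allow-query-cache { ourip; };  // only ourip may read answers from the cache
};

zone "example.com" {
    type master;
    file "example.com.db";         // inherits allow-query { any; } from options
};

// --- Variant B: before 9.4 (no allow-query-cache); use instead of A ---
// options {
//     allow-query     { ourip; }; // global default now also hides the cache
//     allow-recursion { ourip; };
// };
//
// zone "example.com" {
//     type master;
//     file "example.com.db";
//     allow-query { any; };       // must be repeated on every hosted zone
// };
```

Run `named-checkconf` on the file before reloading, then confirm from an address outside `ourip` that a `dig +norecurse` query for a name known to be cached is refused while a query for a hosted zone is still answered.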