query cache and BIND 9.4.1-P1

Chris Buxton cbuxton at menandmice.com
Fri Jul 27 18:34:52 UTC 2007

Starting in 9.4, the following have become the defaults:

allow-query-cache { localhost; localnets; };
allow-recursion { localhost; localnets; };

Note that, starting in the most recent version, these two are linked  
by default - you can set one, and if you don't set the other, the  
other will be set to match. So all you need to do is:

allow-recursion { trusted-nets; };

This assumes you have defined a list of trusted networks as an ACL.  
Otherwise, replace "trusted-nets" with the actual subnet(s) you  
intend to allow recursion for.

Chris Buxton
Men & Mice

On Jul 27, 2007, at 11:14 AM, Barry Finkel wrote:

> I was running BIND 9.3.4, and this morning on two of our four servers
> I upgraded to BIND 9.4.1-P1.  On one interal DNS server I see in the
> syslog:
>      Jul 27 10:25:05 dns1 named[12597]: [ID 873579 daemon.info]
>        client query (cache) 'www.msn.com/A/IN'  
> denied
> I see in the 9.4.1-P1 README file:
>         New option "allow-query-cache".  This lets allow-query be
>         used to specify the default zone access level rather than
>         having to have every zone override the global value.
>         allow-query-cache can be set at both the options and view
>         levels.  If allow-query-cache is not set allow-query applies.
> Would I need to make any configuration changes to allow my internal
> clinets access to the 9.4.1-P1 DNS cache?  The README text above
> sems to imply that I would not have to make any changes.  I have no
>      allow-query
> statements in the BIND 9.3.4 configuration file.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
> Building 222, Room D209              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4828             IBMMAIL:  I1004994

More information about the bind-users mailing list