allow query / allow recursion confusion

Barry Margolin barmar at alum.mit.edu
Tue Jun 26 00:56:17 UTC 2007 

In article <f5or2j$t4$1 at sf1.isc.org>,
 "Clenna Lumina" <savagebeaste at yahoo.com> wrote:

> Kal Feher wrote:
> > From the 9.3 ARM
> > "Note that setting recursion no does not prevent clients from getting
> > data from the server's cache; it only prevents new data from being
> > cached as an effect of client queries"
> >
> >
> > specifically:
> > To barry's email saying that allow-query-cache now did what
> > allow-recursion was thought to do, you said "recursion no" did this.
> > It does not, as clearly stated in the ARM excerpt above. Yes it seems
> > cleaner, but no it doesn't work.
> 
> Doesn't work? My setup seems to disagree with you as I does my test 
> which I posted. I set the "external" view to have "recursion: no" while 
> setting the same to "yes" for the "internal".
> 
> Each view is properly ACL'ed inthe match-clients clause.
> 
> I can look up any domain fro mthe "internal" side, but from any terminal 
> on the "external" side (read: anywhere else on the internet) I cannot 
> look up any domains other then what my server is authoritative for. Even 
> if I looks up, say "yahoo.com" on the "internal" side and immediately 
> thereafter attempt the same lookup against my name server from an 
> "external" terminal (I ssh'ed into a remote system), I cannot get 
> anything other than a list of root servers. No "yahoo.com" records, 
> cahced or otherwise.
> 
> Bottom line: cached responses are not available when "resursion: no" is 
> used. After the first lookup on the "internal" side, an repeat queries 
> are instant, so they are being cached.

You never mentioned that you were using VIEWS earlier.  That changes 
everything, because views implements separate virtual servers.  Each 
view has its own cache.

The answers we gave earlier assumed that the internal and external 
clients were in the same view (or no views were being used), and you 
were using "allow-recursion { internal; }".

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list