do I want/need allow-query-cache for local subnet?
aklist
aklist_bind at enigmedia.com
Sun Aug 3 16:15:38 UTC 2008
Hi: I just upgraded from 9.2.3 to 9.5.0-P1. This NS happens to be in a colo
facility, with only 6-7 web and mailservers NAT'd in it's local subnet. I
have a view "internal" for these servers so they can "find" each other using
their 192.168.1/24 addresses.
I have ACLs set up for my local subnet and the "rest of world" as follows:
acl "localsubnet" {192.168.1/24; 127.8; };
view "internal" {
match-clients { "localsubnet"; };
recursion yes;
[zones]
};
view "external" {
match-clients {any; };
recursion no;
[zones]
};
do I need to explicitly add an allow-query-cache statement to the internal
view? Does it matter if local clients have access to the cache? There's only
a 6-7 servers, but they may request RRs with some frequency.
Do I need any allow-query statements or can I just let BIND default to what
it wants to do?
More information about the bind-users
mailing list