Caching name server setup problems

Mark Andrews Mark_Andrews at isc.org
Wed Jul 16 02:27:16 UTC 2008


> > Here's how they interrelate (from the ARM):
> > 
> > *allow-query*
> > 
> >     Specifies which hosts are allowed to ask ordinary DNS questions.
> >     *allow-query* may also be specified in the *zone* statement, in
> >     which case it overrides the *options allow-query* statement. If not
> >     specified, the default is to allow queries from all hosts.
> > 
> > 
> >           Note
> > 
> >     *allow-query-cache* is now used to specify access to the cache.
> > 
> > *allow-query-cache*
> > 
> >     Specifies which hosts are allowed to get answers from the cache. If
> >     *allow-query-cache* is not set then *allow-recursion* is used if
> >     set, otherwise *allow-query* is used if set, otherwise the default
> >     (*localnets;* *localhost;*) is used.
> > 
> > *allow-recursion*
> > 
> >     Specifies which hosts are allowed to make recursive queries through
> >     this server. If *allow-recursion* is not set then
> >     *allow-query-cache* is used if set, otherwise *allow-query* is used
> >     if set, otherwise the default (*localnets;* *localhost;*) is used
> > 
> > 
> >     - Kevin
> > 
> [Michael P. Varre] 
> 
> Wow, talk about going cross-eyed!  So, without any of those set, with normal
> recursion turned on, an no views, I should still be getting answers for
> recursive queries from "other" subnets, right?

	No.  The defaults allow for directly connected networks
	only.

	Note localhost is in there because some platforms do not
	provide IPv6 prefix sizes.  On those platforms on the host
	get recursive service via IPv6.

	Mark

> I don't see that I have
> anything at all set that would inhibit a recursive query from anywhere at
> all.
> 
> Thanks again 
> 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list