Caching name server setup problems
Kevin Darcy
kcd at chrysler.com
Thu Jul 17 03:53:26 UTC 2008
Michael Varre wrote:
>> Here's how they interrelate (from the ARM):
>>
>> *allow-query*
>>
>> Specifies which hosts are allowed to ask ordinary DNS questions.
>> *allow-query* may also be specified in the *zone* statement, in
>> which case it overrides the *options allow-query* statement. If not
>> specified, the default is to allow queries from all hosts.
>>
>>
>> Note
>>
>> *allow-query-cache* is now used to specify access to the cache.
>>
>> *allow-query-cache*
>>
>> Specifies which hosts are allowed to get answers from the cache. If
>> *allow-query-cache* is not set then *allow-recursion* is used if
>> set, otherwise *allow-query* is used if set, otherwise the default
>> (*localnets;* *localhost;*) is used.
>>
>> *allow-recursion*
>>
>> Specifies which hosts are allowed to make recursive queries through
>> this server. If *allow-recursion* is not set then
>> *allow-query-cache* is used if set, otherwise *allow-query* is used
>> if set, otherwise the default (*localnets;* *localhost;*) is used.
>>
>>
>> - Kevin
>>
>>
> [Michael P. Varre]
>
> Wow, talk about going cross-eyed! So, without any of those set, with normal
> recursion turned on, and no views, I should still be getting answers for
> recursive queries from "other" subnets, right? I don't see that I have
> anything at all set that would inhibit a recursive query from anywhere at
> all.
>
Without any of those set, it would appear that the default is to allow
all queries, but recursion and answering-from-cache would be limited to
{ localhost; localnets; } clients.
You'd need to define something for truly "external" clients to get
recursion or answers from cache.
- Kevin
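
The fallback rules quoted from the ARM above, worked through as an added example that is not part of the original message and is not BIND's own code. The function names, the sample addresses, and the simplified ACL matching (no negation or keys, `localhost` treated as loopback only, `localnets` passed in by the caller) are assumptions.

```python
import ipaddress

# Fallback order and defaults as quoted from the ARM in this thread.
FALLBACK = {
    "allow-query": [],
    "allow-query-cache": ["allow-recursion", "allow-query"],
    "allow-recursion": ["allow-query-cache", "allow-query"],
}
DEFAULT = {
    "allow-query": ["any"],
    "allow-query-cache": ["localnets", "localhost"],
    "allow-recursion": ["localnets", "localhost"],
}

def effective_acls(options):
    """Return the ACL each option ends up with once the fallbacks are applied."""
    result = {}
    for name, fallbacks in FALLBACK.items():
        for candidate in [name] + fallbacks:
            if candidate in options:
                result[name] = list(options[candidate])
                break
        else:  # nothing in the chain was set: use the documented default
            result[name] = list(DEFAULT[name])
    return result

def matches(acl, client, localnets):
    """Simplified ACL match (assumption: plain networks and built-in names only)."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        if element == "any":
            return True
        if element == "none":
            continue
        if element == "localhost":
            nets = ["127.0.0.0/8", "::1/128"]
        elif element == "localnets":
            nets = localnets  # networks of the server's own interfaces
        else:
            nets = [element]
        if any(addr in ipaddress.ip_network(n, strict=False) for n in nets):
            return True
    return False

def permissions(options, client, localnets):
    """Map each allow-* option to True/False for one client address."""
    acls = effective_acls(options)
    return {name: matches(acl, client, localnets) for name, acl in acls.items()}
```

Because `allow-query` sits at the end of both fallback chains, setting it explicitly (for example to `any`) with neither of the other two options set also widens recursion and cache access to the same clients.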