Caching name server setup problems

Kevin Darcy kcd at chrysler.com
Thu Jul 17 03:53:26 UTC 2008


Michael Varre wrote:
>> Here's how they interrelate (from the ARM):
>>
>> *allow-query*
>>
>>     Specifies which hosts are allowed to ask ordinary DNS questions.
>>     *allow-query* may also be specified in the *zone* statement, in
>>     which case it overrides the *options allow-query* statement. If not
>>     specified, the default is to allow queries from all hosts.
>>
>>
>>           Note
>>
>>     *allow-query-cache* is now used to specify access to the cache.
>>
>> *allow-query-cache*
>>
>>     Specifies which hosts are allowed to get answers from the cache. If
>>     *allow-query-cache* is not set then *allow-recursion* is used if
>>     set, otherwise *allow-query* is used if set, otherwise the default
>>     (*localnets;* *localhost;*) is used.
>>
>> *allow-recursion*
>>
>>     Specifies which hosts are allowed to make recursive queries through
>>     this server. If *allow-recursion* is not set then
>>     *allow-query-cache* is used if set, otherwise *allow-query* is used
>>     if set, otherwise the default (*localnets;* *localhost;*) is used
>>
>>
>>     - Kevin
>>
>>     
> [Michael P. Varre] 
>
> Wow, talk about going cross-eyed!  So, without any of those set, with normal
> recursion turned on, and no views, I should still be getting answers for
> recursive queries from "other" subnets, right?  I don't see that I have
> anything at all set that would inhibit a recursive query from anywhere at
> all.
>   
Without any of those set, it would appear that the default is to allow 
all queries, but recursion and answering-from-cache would be limited to 
{ localhost; localnets; } clients.

You'd need to define something for truly "external" clients to get 
recursion or answers from cache.

- Kevin
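
An added example, not part of the message above or of BIND itself: a small Python model of the fallback order quoted from the ARM, for checking which clients get ordinary answers, cached answers and recursion under a given `options` block. The ACL matcher is a simplification (no negation or named ACLs, `localhost` reduced to loopback), and all addresses are constructed.

```python
import ipaddress

DEFAULT = ["localnets", "localhost"]  # default stated in the quoted ARM text

def effective_acls(options):
    """Apply the fallback order from the quoted ARM text to an options dict."""
    aq = options.get("allow-query")
    aqc = options.get("allow-query-cache")
    ar = options.get("allow-recursion")
    first_set = lambda *acls: next((a for a in acls if a is not None), DEFAULT)
    return {
        "allow-query": aq if aq is not None else ["any"],
        "allow-query-cache": first_set(aqc, ar, aq),
        "allow-recursion": first_set(ar, aqc, aq),
    }

def matches(client, acl, local_nets):
    """Simplified ACL match: 'any', 'none', 'localhost', 'localnets', CIDR strings.
    No negation or named ACLs; 'localhost' is reduced to loopback addresses."""
    ip = ipaddress.ip_address(client)
    for entry in acl:
        if entry == "any":
            return True
        if entry == "none":
            continue
        if entry == "localhost":
            nets = ["127.0.0.0/8", "::1/128"]
        elif entry == "localnets":
            nets = local_nets
        else:
            nets = [entry]
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return True
    return False

def access(options, client, local_nets):
    """Which of the three services a client gets under the given options."""
    return {name: matches(client, acl, local_nets)
            for name, acl in effective_acls(options).items()}

if __name__ == "__main__":
    LOCAL_NETS = ["192.0.2.0/24"]  # constructed: the server's attached subnet
    for opts in ({}, {"allow-query": ["any"]}, {"allow-recursion": ["192.0.2.0/24"]}):
        for client in ("192.0.2.10", "203.0.113.9"):  # constructed clients
            print(opts, client, access(opts, client, LOCAL_NETS))
```

Under the quoted fallback order, the second case shows that setting only `allow-query { any; }` also opens cache and recursion to every client, so `allow-recursion` should be set explicitly whenever `allow-query` is widened.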


