views, recursion, and allow-recursion

R Dicaire kritek at
Sun Jun 22 23:37:01 UTC 2008

On Sun, Jun 22, 2008 at 6:05 PM, Alan Clegg <Alan_Clegg at> wrote:
> Since your internal ACL matches what you were using in
> "allow-recursion", just change the "allow-recursion" in global options
> to "recursion no;" and allow the view based "recursion yes;" (internal)
> and "recursion no;" (external) to override it.
> Note that ! ("none") is added to every ACL expansion, so you
> don't need it in the example above.
> Just for good measure, you may want to change the external match-clients to:
>   match-clients { !internal; any; };

Having made the above modifications, external client queries for data
my NS isn't authoritative for no longer show cache query denied in
syslog, but instead return a list of the tld root servers.
Is this the appropriate response/behaviour?

aRDy Music and Rick Dicaire present:

More information about the bind-users mailing list