allow query or recursive?

Barry Margolin barmar at alum.mit.edu
Tue Jun 2 04:28:47 UTC 2009


In article <h0253r$e41$1 at sf1.isc.org>, dantian.ap at optusnet.com.au 
wrote:

> Hi,
> I have a bind server I now use as a caching.
> 
> In allowing my work desktop to access, I found that it was being refused using 
> allow-query, but if I add it to recursion it works. Have I misunderstood the 
> use of allow-query? The BIND Admin Manual seems to say what I thought: use it 
> to allow those to query your server.
> 
> acl "trust" { localhost; localnets; 192.168.0.0/24; 202.149.56.199; };
> options {
>         directory "/var/named/zones";
>         allow-query { trust; };
>         allow-query-cache  { trust; };
>         allow-transfer { none; };
>         allow-recursion { admin; };
>         listen-on { any; };
>         transfer-format many-answers;
>         interface-interval 0;
> };
> 
> 
> Now this works well for the LAN, but 202.149.. cannot get an answer. If I change 
> ACL admin to trust it works (the only difference between them is that the 202 IP 
> is not in admin).
> 
> So I ask this: does this mean allow-query is useless nowadays?
> Or is this only of any use if my server is also authoritative?
> Do I even need query, since recursive decides who can query my server?

Allow-query allows the clients to query the zones that your server is 
authoritative for.

Allow-recursion allows them to request recursion, which is needed to 
look up names in remote zones.

Allow-query-cache allows them to query the data that's in the cache due 
to some client previously requesting recursion.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
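
The three options from the reply above, applied to the configuration in the question, as an added example that is not part of the original thread and not BIND's own code. It is a simplified model: each kind of lookup is checked only against the one option the reply names for it, the built-in `localhost`/`localnets` ACLs are approximated, and the names `in_acl`, `decide` and `report` are hypothetical.

```python
import ipaddress

# ACLs from the quoted named.conf. "localhost" and "localnets" depend on the
# server's own interfaces, so 127.0.0.0/8 stands in for them (assumption).
# "admin" is described in the post as "trust" without the 202 address.
ADMIN = ["127.0.0.0/8", "192.168.0.0/24"]
TRUST = ADMIN + ["202.149.56.199/32"]

# Which option guards which kind of data, as stated in the reply.
GUARD = {
    "authoritative": "allow-query",        # zones this server is authoritative for
    "cached":        "allow-query-cache",  # data already in the cache
    "remote":        "allow-recursion",    # remote name, recursion required
}

def in_acl(client, acl):
    """True if the client address matches any network in the ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(net) for net in acl)

def decide(client, data, options):
    """Return 'answer' or 'refused' for one lookup of the given data kind."""
    if data not in GUARD:
        raise ValueError("unknown data kind: %r" % data)
    return "answer" if in_acl(client, options[GUARD[data]]) else "refused"

def report(client, options):
    """Outcome for every data kind, keyed by kind."""
    return {kind: decide(client, kind, options) for kind in GUARD}

# The configuration as posted: recursion limited to "admin".
POSTED = {"allow-query": TRUST, "allow-query-cache": TRUST,
          "allow-recursion": ADMIN}
# The change the poster found to work: recursion opened to "trust".
CHANGED = dict(POSTED, **{"allow-recursion": TRUST})

if __name__ == "__main__":
    # 192.168.0.10 and 198.51.100.7 are constructed sample clients.
    for client in ("192.168.0.10", "202.149.56.199", "198.51.100.7"):
        print(client, "posted: ", report(client, POSTED))
        print(client, "changed:", report(client, CHANGED))
```
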


