allow query or recursive?
Barry Margolin
barmar at alum.mit.edu
Tue Jun 2 04:28:47 UTC 2009
In article <h0253r$e41$1 at sf1.isc.org>, dantian.ap at optusnet.com.au
wrote:
> Hi,
> I have a bind server I now use as a caching.
>
> In allowing my work desktop to access i found that it was being refused using
> allow-query, but if i add it to recursion it works, have i mis-understood the
> use of allow-query? The Bind Admin Manual seems to say what I thought use it
> to allow those to query your server.
>
> acl "trust" { localhost; localnets; 192.168.0.0/24; 202.149.56.199; };
> options {
> directory "/var/named/zones";
> allow-query { trust; };
> allow-query-cache { trust; };
> allow-transfer { none; };
> allow-recursion { admin; };
> listen-on { any; };
> transfer-format many-answers;
> interface-interval 0;
> };
>
>
> Now this works well for LAN, but 202.149.. can not get answer, If I change
> ACL admin to trust it works (only difference between them is 202 IP is not in
> admin)
>
> So this I ask, does mean allow-query is useless now days?
> Or is this only of any use if my server is also authoritative ?
> Do I even need query since recursive decides who can query my server?
Allow-query allows the clients to query the zones that your server is
authoritative for.
Allow-recursion allows them to request recursion, which is needed to
look up names in remote zones.
Allow-query-cache allows them to query the data that's in the cache due
to some client previously requesting recursion.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list