Questions about options

Barry Margolin barmar at alum.mit.edu
Sat Feb 20 16:42:44 UTC 2010


In article <mailman.487.1266666064.21153.bind-users at lists.isc.org>,
 gmspro <gmspro at yahoo.com> wrote:

> options {
>                 directory "/etc/bind";
>                 allow-query { localhost; };
>                 allow-recursion { 127.0.0.1; };
>                 listen-on { <IP of Server>; };
>                 allow-transfer { none; };
>                 auth-nxdomain yes;
> 
> };
> 
> why are allow-query ,allow-recursion, listen-on, allow-transfer 
> ,auth-nxdomain used?
> 
> Thank you.
> 
> 
>       

allow-query and allow-recursion are used to prevent remote clients from 
using this server.  In this case, allow-recursion is redundant; if you 
don't allow remote clients to query, you don't have to worry about 
whether you'll recurse for them.

listen-on is used when a server has multiple IPs, and you want to 
restrict which ones it will answer queries on.

allow-transfer is used to restrict who can perform zone transfers of 
zones that the server hosts.

auth-nxdomain controls whether answers that say that a name doesn't 
exist will be marked authoritative.  There was some old client software 
that didn't like NXDOMAIN responses that are non-authoritative, even 
though they're coming from a caching server.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list