recursion

ic.nssip ic.nssip at northwestel.net
Thu Mar 11 15:50:55 UTC 2010 

Hi Kevin,

I followed your advice and I explicitly added:

recursion yes;
allow-recursion { custnets; };

I'm using MRTG for interface bandwidth monitoring and Smokeping for time 
response on queries and all look the same as before. So, so far so good!

Thank you!
Julian



----- Original Message ----- 
From: "Kevin Darcy" <kcd at chrysler.com>
To: <bind-users at lists.isc.org>
Sent: Wednesday, March 10, 2010 4:54 PM
Subject: Re: recursion


> On 3/10/2010 4:45 PM, ic.nssip wrote:
>> I've got the idea!
>> So even I have no statement "recursion yes", the server is still 
>> recursive as time I dont specify "recursion no;"
>> It is going to make no difference if I'll add "recursion yes;" on 
>> options.
> No difference.
>>
>> Is "localnets" a term I really need to use?
> It's predefined. Read the ARM.
>>
>> Currently I'm using an ACL defined for "acl custnets { x.x.x.x; };" and 
>> "allow-query { custnets; };"
>>
>> Should I change the name "custnets" to "localnets"?
> If they're numerically  the same thing, then it would just be a matter of 
> personal preference. If they're different, then it would depend on one's 
> implementation requirements whether it's ok to switch one for the other. 
> We don't have enough information about your implementation requirements to 
> give a definitive answer one way or the other.
>
> Note that both "localnets" and "localhost" can change dynamically, if 
> network interfaces are brought up and/or taken down.
>> Is my customized name "custnets" going to affect recursion in any way if 
>> I use it instead of "localnets"?
>
> If running BIND 9.4.x or higher, "allow-query { custnets; }" will affect 
> one's allow-recursion default if "custnets" is (or _becomes_, as a result 
> of interfaces being brought up and/or taken down) in any way numerically 
> different from "{ localnets; localhost; }".
>
> (Of course, a query that's REFUSED will never get a chance to recurse, but 
> one can override a *global* allow-query at the zone level, so it still 
> makes sense for allow-recursion to cross-inherit from allow-query)
>
> If all of this is confusing, then I would recommend explicitly setting all 
> of them -- allow-query, allow-query-cache, allow-recursion. Then you don't 
> need to constantly guess at what is inheriting from where.
>
>                                                                         - 
> Kevin
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

More information about the bind-users mailing list