On Fri, Jan 03, 2003 at 06:54:12AM -0600, Len Conrad wrote:
> 
> 
> >   i have Dns which is having the
> >options statment as follows
> >
> >   allow-recursion {
> >             205.109.68.0/19;207.187.192.0/19;
> >         };
> >    now if i want to allow all types of queries
> 
> Thre are only two types of queries in the world, those that are recursive 
> and those that aren't.
> 
> >including the recursive queries to all my zones then
> >how can i do that
> 
> You have restricted recursion to the above 2 /19's.  you have no 
> restriction on queries.
> 
> >    so how to achive this ,
> 
> already done
> 
> >one more thing whats the diff between allow-query and
> >allow-recursion statment,
> 
> self explanatory, no?
> 
> >  i mean does putting "allow
> >query" in my zone defination
> 
> allow-query is a per-server or per-zone, allow-recursion is only per-server
> 
> >will allow the recursive
> >queries to my zone to which i want to allow all types
> >of queries
> 
> You probably don't want to restrict queries at all, but you should restrict 
> recursion.  If I understand what you want to do, you've done it.

Nilesh,

If you want to restrict queries to allow some systems to do recursive
queries against your server, but all others should be allowed to do
authoritative queries, only, you should look at setting up views.  

You can find an examples of this within the secure-bind-template
(http://www.cymru.com/Documents/secure-bind-template.html) written and
maintained by Rob Thomas.  There are also examples of this and other
good documentation within the DNS&BIND cookbook
(http://www.oreilly.com/catalog/dnsbindckbk/), DNS & BIND 4th Edition
(http://www.oreilly.com/catalog/dns4/) and the BINDv9 ARM at
http://www.nominum.com/content/documents/bind9arm.pdf.

				 -rob

-- Attached file included as plaintext by Ecartis --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+FkE5OVBTTvic5hMRAmG0AJ9+o1CNBVleBJE1OPBU3TmwldaGcQCg6Q/C
5sX3tIOUGc9wcI0IiWupAcI=
=Lyg9
-----END PGP SIGNATURE-----