<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
<br>
So if my server is authoritative for MyDomain.com, should Joe
Sixpak be able to resolve it via whatever DNS he's using, as mine
is currently set up?<br>
<br>
Do I need to change it to
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<pre><code>allow-query { any; };</code></pre>
in order to allow that to happen? Will my restriction on
recursion keep the riffraff to a minimum?<br>
<br>
Thanks.<br>
<br>
On 9/29/14, 7:58 PM, Ben Croswell wrote:<br>
</div>
<blockquote
cite="mid:CAJga8ZskQQv2eEJKfLxKrROn=6k3rK_CKJV7zTkZ-X6B2U0hVg@mail.gmail.com"
type="cite">
<p dir="ltr">The default for allow query is local host local
nets. Basically the server itself and directly connected
networks</p>
<div class="gmail_quote">On Sep 29, 2014 8:03 PM, "Bill
Christensen" <<a moz-do-not-send="true"
href="mailto:billc_lists@greenbuilder.com">billc_lists@greenbuilder.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi folks,<br>
<br>
Something got sideways on one of my DNS servers, and I would
appreciate some help in figuring out what's going on.<br>
<br>
I'm running BIND 9.10.1. This server is authoritative
master for a number of domains.<br>
<br>
First off, I may have the allow-query set incorrectly.
Currently I have:<br>
<br>
acl query-permit {<br>
(range of IP address on the local LAN which are allowed
to use this server as their query server)<br>
};<br>
<br>
acl recursive-permit {<br>
(range of IP address on the local LAN which are allowed
to use this server for recursive queries)<br>
};<br>
<br>
acl transfer-permit {<br>
(IP addresses of a couple other name servers allowed to
do transfers with this one)<br>
};<br>
<br>
and at the beginning of the options section:<br>
<br>
allow-recursion { recursive-permit; };<br>
allow-transfer { transfer-permit; };<br>
// allow-query { query-permit; };<br>
<br>
Allow-query is commented out, which I assume will allow
anyone to query this server for the domains for which it has
master or slave records, but does not allow the general
public to do recursive queries or queries on domains not
hosted here. <br>
<br>
Let me know if I've got that right, or how to correct it if
I don't.<br>
<br>
If this part is correct I'll continue the questioning. <br>
<br>
Thanks!<br>
<br>
<br>
<br>
</div>
<br>
_______________________________________________<br>
Please visit <a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a moz-do-not-send="true"
href="https://lists.isc.org/mailman/listinfo/bind-users"
target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>