Default Xfrout transfer_acl
Spain, Dr. Jeffry A.
spainj at countryday.net
Wed Feb 8 16:27:37 UTC 2012
>> In conjunction with this I would like to point out that you have set
>> up b10-resolver by default to accept queries only from localhost.
>> Using the same reasoning as above, this is a good choice. In bind9, on
>> the other hand, allow-query defaults to all hosts, so you do have a
>> precedent for breaking tradition with bind9.
> This default for BIND 9 was changed a few years ago. While it may allow queries, it may not provide useful answers. See confusing configuration for allow-query-cache and allow-recursion about how they default to the local networks only.
Agreed that this is confusing, and so presents an opportunity for the bind10 developers to make things simpler, more consistent, and more secure. Jeff.
More information about the bind10-users
mailing list