NEWBIE: limiting queries on authoritative name server

Barry Margolin barmar at genuity.net
Thu May 23 14:50:57 UTC 2002


In article <aciso1$e6tu$1 at isrv4.isc.org>, Wout Tankink  <wout at gmx.net> wrote:
>I'm setting up a master name server on my home LAN that is authoritative
>for some public domains. I'm setting up a slave name server on the LAN
>at my office (that is also authoritative for these domains).
>I want to restrict querying the nameserver on my home LAN, because of
>the limited bandwidth (DSL). The domain registry will check the setup
>of the nameservers before letting me register them.
>
>1. Will the check by the domain registry fail when I limit the
>querying (BIND's feature "allow-query") to my own machines (internal
>and external)?

Some registrars don't check, but if the registrar you use does, it would
fail.

If that machine is not supposed to be used by the public, why would you
include it in the registration?  The only point of registering a server is
to advertise its availability to the rest of the Internet.

>2. Is it wise to limit querying of authoritative nameservers? I think
>not, because other nameservers should be able to query them to resolve
>the domain names. Or doesn't allow-query limit the querying by other
>nameservers? It will then only limit the querying by resolvers not from
>my machines.

Maybe what you really want is "allow-recursion".  This will allow other
sites to look things up in your authoritative zones, but they won't be able
to use your server in their resolver configurations.

If you want to control querying on a per-zone basis, you can override the
global "allow-query" with an "allow-query" option in the individual zone
statements.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
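
The two options discussed in the reply above, shown together as an added named.conf example that is not part of the original post. The ACL name "trusted", the addresses (documentation ranges), the directory and the zone and file names are all constructed placeholders.

```conf
// Constructed example: the poster's own machines (internal and external).
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;        // placeholder for the home LAN
    198.51.100.10;       // placeholder for an external machine
};

options {
    directory "/var/named";          // assumed path

    // Only the trusted hosts may use this server as their resolver;
    // everyone else gets no recursive lookups from it.
    allow-recursion { trusted; };

    // Global default: queries are accepted from the trusted hosts only.
    // This is the setting that would make a registry's check fail if it
    // also applied to the registered zones.
    allow-query { trusted; };
};

// Publicly registered zone: the per-zone allow-query overrides the
// global one, so other name servers can still look up names here.
zone "example.com" {
    type master;
    file "db.example.com";           // assumed file name
    allow-query { any; };
};

// A private zone with no override inherits the global allow-query,
// so only the trusted hosts can query it.
zone "home.example" {
    type master;
    file "db.home.example";          // assumed file name
};
```

Running `named-checkconf` on the file checks the syntax before reloading the server.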

