allow-resursion stuff
Mark Andrews
Mark_Andrews at isc.org
Wed Jun 7 21:33:26 UTC 2006
> Hi All,
>
> The allow-recursion { trusted; }; is very nice.
> However, isn't it true to when you haven't also got
> allow-query { trusted; }; there is still an issue with just
> allow-recursion? For example, suppose that somebody within the trusted range
> did a query on yahoo.com, it'll be cached. Suppose that allow-query isn't set
> and an external client does a query on yahoo.com he'll get a response because
> the answer is still in the cache? Meaning that external clients can query
> the specified domains which are defined in named.conf but also what is in
> cache? I guess this issue will be addressed in bind 9.4.0 with
> "allow-query-cache" ?
You can achieve the same effect in earlier versions. You just have
allow-query { any; }; in every zone.
> Bye,
>
> Mipam.
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list