query vs. recursion?
jm
jm at hcn.com.au
Tue Jan 9 23:09:43 UTC 2007
Hi Dan,
There's an option in Bind 9.4 for this,
allow-query-cache
Cheers,
Jason
Dan Mahoney, System Admin wrote:
> On Wed, 10 Jan 2007, Mark Andrews wrote:
> The basic premise, I'd say, is that "allow query" is best thought of for
> use on zones you host locally (in your named.conf), but that "allow
> recursion" is for things that are not.
>
> Of course, Mark brings up the excellent point I hadn't realized, that
> allow-query would allow people to see data (in cache) that is NOT hosted
> locally, but was put there by someone else who WAS within allow-recursion.
>
> Is there a setting for allow-query on cache data versus authoritative
> data, Mark?
>
> -Dan
>
>
>
>>> What is the difference between the two in the named.conf file?
>>>
>>>
>>> allow-query { any; };
>>> allow-recursion { ourip; };
>>>
>> The above would allow ourip to populate the cache but anyone
>> to see it. It also sets the default allow-query for zones to
>> "any;".
>>
>> One says who can query.
>> The other says who can recurse.
>>
>>
>>
>>
>>> Thanks,
>>>
>>> Kris
>>>
>>>
>>>
>>>
>
> --
>
> "Of course she's gonna be upset! You're dealing with a woman here Dan,
> what the hell's wrong with you?"
>
> -S. Kennedy, 11/11/01
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org
> ---------------------------
>
>
>
>
More information about the bind-users
mailing list