query cache and BIND 9.4.1-P1
Jeff Reasoner
jeff.reasoner at mail.hccanet.org
Fri Jul 27 18:33:35 UTC 2007
I thought the same, but quickly found that with bind 9.4.1-P1, I did
actually have to *add* an allow-query statement and corresponding ACL in
order for recursive lookups including cache queries to work.
As with your config, I ran 9.4.1 previously and had no allow-query
statement in my config. I still do not have any allow-query-cache
statement however.
Jeff Reasoner
On Fri, 2007-07-27 at 14:14, Barry Finkel wrote:
> I was running BIND 9.3.4, and this morning on two of our four servers
> I upgraded to BIND 9.4.1-P1. On one interal DNS server I see in the
> syslog:
>
> Jul 27 10:25:05 dns1 named[12597]: [ID 873579 daemon.info]
> client 146.139.76.39#1825: query (cache) 'www.msn.com/A/IN' denied
>
> I see in the 9.4.1-P1 README file:
>
> New option "allow-query-cache". This lets allow-query be
> used to specify the default zone access level rather than
> having to have every zone override the global value.
> allow-query-cache can be set at both the options and view
> levels. If allow-query-cache is not set allow-query applies.
>
> Would I need to make any configuration changes to allow my internal
> clinets access to the 9.4.1-P1 DNS cache? The README text above
> sems to imply that I would not have to make any changes. I have no
>
> allow-query
>
> statements in the BIND 9.3.4 configuration file.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 222, Room D209 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
>
>
More information about the bind-users
mailing list