Bind behind a DMZ?
Res
res at ausics.net
Tue Jan 8 03:25:48 UTC 2008
On Tue, 8 Jan 2008, Mark Andrews wrote:
>> ....It's also been years since I've changed the way I do trusted acl's,
>> but I'm sure now days you don't need to include localhost or localnet as
>> bind gets this from interfaces at startup and only need IP ranges
>> not in the /24 (Mark? correct?)
>
> The default is { localhost; localnets; }; for allow-query-cache
> and allow-recursion. If however you set either one of these
> or set allow-query the defaults are overriden with what you have
> in the relevent acls.
>
> allow-recursion and allow-query-cache cross inherit.
> allow-recursion and allow-query-cache inherit from allow-query
> if neither is set and allow-query is set.
>
Thanks for clearing that up.
--
Cheers
Res
mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';
More information about the bind-users
mailing list