Preventing recursion ... (preventing confusion?)
Peter Laws
plaws at ou.edu
Wed Jul 30 16:10:32 UTC 2008
OK, so I'm not running *real* BIND, but Red Hat's "special" version
(bind-9.2.4-22.el3).

On my authoritative servers, I have allow-query set to 'any' (has to be
that, of course) and allow-recursion set to an acl that allows just our
inside networks.

I *thought* that would allow folks to look up zones for which we were
authoritative and give the e-finger to anyone off-campus asking for
anything else.

Apparently that's not quite the case.

When I dig for, say, google.com from off-campus against my nameservers, I
get one of two kinds of answers: From my master, I get A, NS, and glue for
google.com. From my slaves, I get NS and glue only.

I thought that, by setting allow-recursion to my own little part of the
world, any request for zones for which I'm not authoritative would just
get (pick your analogy) a blank stare or the e-finger?

So, am I 1) confused about allow-recursion, 2) not correctly configured
(see also #1) or 3) looking at a bug in RH's diddling of BIND?

Peter
--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
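
As an added example (not part of the original post): a small Python classifier for the kinds of off-campus answers described above, for checking what a server hands to outside clients for zones it does not serve. The dig output is constructed sample text, and the function name `classify` is hypothetical.

```python
import re

# Constructed, trimmed dig headers; counts and ids are illustrative only.
MASTER_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
"""
SLAVE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
"""
REFUSED_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 3333
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
OWN_ZONE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4444
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r"flags: ([a-z ]*);")
COUNTS = re.compile(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)")

def classify(dig_output):
    """Label one dig reply by what the server was willing to hand out."""
    status = STATUS.search(dig_output)
    flags = FLAGS.search(dig_output)
    if not status or not flags:
        return "unparsed"
    if status.group(1) != "NOERROR":
        return status.group(1).lower()          # refused, servfail, ...
    counts = {name: int(n) for name, n in COUNTS.findall(dig_output)}
    if "aa" in flags.group(1).split():
        return "authoritative"                  # a zone this server serves
    if counts.get("ANSWER", 0) > 0:
        # Records for a zone the server does not serve: cache or recursion.
        return "non-authoritative answer"
    if counts.get("AUTHORITY", 0) > 0:
        return "referral"                       # NS (and glue) only
    return "empty"

if __name__ == "__main__":
    for name, text in [("master", MASTER_REPLY), ("slave", SLAVE_REPLY),
                       ("refused", REFUSED_REPLY), ("own zone", OWN_ZONE_REPLY)]:
        print(f"{name:9s} -> {classify(text)}")
```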