recursion
ic.nssip
ic.nssip at northwestel.net
Thu Mar 11 15:50:55 UTC 2010
Hi Kevin,
I followed your advice and I explicitly added:
recursion yes;
allow-recursion { custnets; };
I'm using MRTG for interface bandwidth monitoring and Smokeping for time
response on queries and all look the same as before. So, so far so good!
Thank you!
Julian
----- Original Message -----
From: "Kevin Darcy" <kcd at chrysler.com>
To: <bind-users at lists.isc.org>
Sent: Wednesday, March 10, 2010 4:54 PM
Subject: Re: recursion
> On 3/10/2010 4:45 PM, ic.nssip wrote:
>> I've got the idea!
>> So even I have no statement "recursion yes", the server is still
>> recursive as time I dont specify "recursion no;"
>> It is going to make no difference if I'll add "recursion yes;" on
>> options.
> No difference.
>>
>> Is "localnets" a term I really need to use?
> It's predefined. Read the ARM.
>>
>> Currently I'm using an ACL defined for "acl custnets { x.x.x.x; };" and
>> "allow-query { custnets; };"
>>
>> Should I change the name "custnets" to "localnets"?
> If they're numerically the same thing, then it would just be a matter of
> personal preference. If they're different, then it would depend on one's
> implementation requirements whether it's ok to switch one for the other.
> We don't have enough information about your implementation requirements to
> give a definitive answer one way or the other.
>
> Note that both "localnets" and "localhost" can change dynamically, if
> network interfaces are brought up and/or taken down.
>> Is my customized name "custnets" going to affect recursion in any way if
>> I use it instead of "localnets"?
>
> If running BIND 9.4.x or higher, "allow-query { custnets; }" will affect
> one's allow-recursion default if "custnets" is (or _becomes_, as a result
> of interfaces being brought up and/or taken down) in any way numerically
> different from "{ localnets; localhost; }".
>
> (Of course, a query that's REFUSED will never get a chance to recurse, but
> one can override a *global* allow-query at the zone level, so it still
> makes sense for allow-recursion to cross-inherit from allow-query)
>
> If all of this is confusing, then I would recommend explicitly setting all
> of them -- allow-query, allow-query-cache, allow-recursion. Then you don't
> need to constantly guess at what is inheriting from where.
>
> -
> Kevin
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list