Evolution of Resolvers
Thomas Duterme
thomas at madeforchina.com
Thu Dec 7 16:27:15 UTC 2000
Hi all,
Thank you Mathias for all your help regarding Query Restrictions. I wanted to reopen a point he brought up to me to the list: the evolution of Resolvers.

Myself being anal-retentive and over-protective of my servers, I'd like to lock out anyone who shouldn't be using my server to look up names. Specifically, I'd like to kick out clients who don't have my permission to use my nameserver.

So I do something like this:
    options {
        allow-query { my_machines; };
        allow-recursion { my_machines; };
    };
Then, in the specific zones I'm authoritative for, I overwrite the allow-query statement:
    zone "madeforchina.com" in {
        allow-query { any; };
        type master;
        file "pri/madeforchina.com";
    };
Now, Mathias brought up a good point about this. If there exist stupid resolvers out there that don't understand the 'Query Refused' response and keep hammering my machine, perhaps it would be safer to just pass the reference to root through a non-recursive response. Has anyone had experience with this kind of scenario? Any ideas or comments?

Thanks,
Thomas
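
Added example, not part of the original post: the two server behaviours discussed above (a 'Query Refused' reply versus a non-recursive referral to the root) as they appear on the wire, with a small classifier a resolver or log tool could use to tell them apart. The function names, the query name www.example.com, the message ID and the TTL are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a name as DNS labels; "." becomes the single zero byte of the root."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, rcode, root_ns=()):
    """Constructed sample data: a non-recursive reply to an A/IN question."""
    flags = 0x8000 | rcode  # QR=1, AA=0, RA=0, RCODE in the low four bits
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, len(root_ns), 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for ns in root_ns:  # authority section: NS records owned by "."
        rdata = encode_name(ns)
        msg += encode_name(".") + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    return msg

def skip_name(msg, pos):
    """Return the offset just past the name at pos (handles compression pointers)."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def classify(msg):
    """Return "refused", "referral" or "other" for a DNS response message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        return "other"  # a query, not a response
    if flags & 0x000F == 5:
        return "refused"  # RCODE 5: what a client outside allow-query receives
    if flags & 0x000F != 0 or flags & 0x0400 or an != 0 or ns == 0:
        return "other"
    pos = 12
    for _ in range(qd):  # step over the question section
        pos = skip_name(msg, pos) + 4
    for _ in range(ns):  # a referral's authority section holds only NS records
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype != 2:
            return "other"
        pos += 10 + rdlen
    return "referral"

REFUSED = build_response("www.example.com", 5)
REFERRAL = build_response("www.example.com", 0, ("a.root-servers.net", "b.root-servers.net"))
```

The REFUSED sample is 33 bytes, while the referral grows with every NS record placed in the authority section, so the referral is the larger reply to an unauthorized query.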