How to make bind 8.2.3 stop forwarding for non-customers?
Kevin Darcy
kcd at daimlerchrysler.com
Wed Aug 1 23:52:05 UTC 2001
Marc Haber wrote:
> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >You can set a global allow-query which only permits your network(s), and then
> >"allow-query { any; };" for each zone you host.
>
> Which is an option that I explicitly mentioned in my original article
> (flawed, of course, because I goofed when I wrote it), but I don't
> really like it. Is it really the only way?
You could use allow-recursion instead, but then you'd still give out cached
information, and your answers would be larger and resource consumption would be
higher (it doesn't take much to just send back a tiny REFUSED response). If
you're trying to conserve resources, allow-query is the best way.
- Kevin
More information about the bind-users
mailing list