query question

Kevin Darcy kcd at daimlerchrysler.com
Tue Jul 31 21:37:58 UTC 2001


Even with recursion denied, the nameserver will still answer from cache however,
which uses more resources. Moreover, a REFUSED answer is significantly smaller
than a regular answer from cache or even a referral. So if you want to minimize
the impact on your nameserver and your network, allow-query restrictions are the
way to go, although as you pointed out, a little harder to configure/maintain than
allow-recursion.


- Kevin

Barry Margolin wrote:

> In article <9jktmv$o5c at pub3.rc.vix.com>,
> Kevin Darcy  <kcd at daimlerchrysler.com> wrote:
> >How do you expect to host a domain if you don't let everyone query your
> >nameserver?
> >
> >Set a global allow-query, restricted to only your internal clients, and
> >then override it with "allow-query { any; };" in each of the zones that
> >you host.
>
> A simpler solution is to use the allow-recursion option.  Queries in
> domains you serve don't require recursion, while local clients' resolvers
> will send recursive queries.
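
The two approaches discussed in this thread, written out as a named.conf fragment. This is an added example, not part of either message; the ACL name, address ranges, zone name and file path are constructed placeholders.

```conf
// Constructed placeholder: the networks your own resolver clients live on.
acl internal {
    127.0.0.1;
    192.0.2.0/24;
};

options {
    // Global default: only internal clients may query this server at all.
    // Anyone else gets REFUSED unless a zone below overrides this.
    allow-query { internal; };

    // The allow-recursion approach from the quoted reply. Used alone
    // (without the global allow-query above), outside clients are denied
    // recursion but can still be answered from cache.
    allow-recursion { internal; };
};

// Each hosted zone overrides the global allow-query so the whole
// Internet can resolve names in it.
zone "example.com" {
    type master;
    file "db.example.com";      // placeholder path
    allow-query { any; };
};
```

Every zone you host needs its own `allow-query { any; };` line, which is the extra maintenance cost mentioned in the thread.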




