allow-query

[Barry Margolin]

In article <a9hqia$bqq at pub3.rc.vix.com>, Perry811 <mlbwong at yahoo.com> wrote:
>does the feature allow-query also block the normal usage of hostname
>-> IP resolution?

It blocks all types of queries.

>Let's say i put 1.1.1.0/24 to be allowed for queries, will it block
>1.1.2.2 from browsing web pages of a web server in 1.1.1.0/24 network
>or any legitimate network services (eg, smtp, ftp ...etc)?

The address of the web server is irrelevant.  If this nameserver is hosting
the domain that the web server's name is in, any query for that name coming
from outside 1.1.1.0/24 will not be answered (actually, it will respond to
them, but with a REFUSED error code and no data).

You might want to use allow-recursion instead of allow-query, or override
the global allow-query with "allow-query { any; }" in the zone statements
for the domains you're hosting.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.