views problem- Nameserver cannot resolve properly
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Fri Aug 30 04:42:14 UTC 2002
>
>
>
> On 30 Aug 2002 at 13:27, Mark_Andrews at isc.org wrote:
>
> >
> > >
> > > Hello,
> > >
> > > I am trying to set up views on our main DNS server.
> > > apollo is our nameserver.
> > > We are using bind v9.2.1 on RedHat 7.2.
> > >
> > > It will use the external view for its own resolution of domains we
> > > host.
> > >
> > > It resolves domains it hosts correctly:
> > > [root at apollo etc]# host aot.com.au
> > > aot.com.au has address 203.44.223.3
> > > (this is the IP address of aot.com.au in the external view)
> > >
> > > However, it does not resolve domains it does not host:
> > > [root at apollo etc]# host qr.com.au
> > > [root at apollo etc]# host hotmail.com
> > > [root at apollo etc]#
> >
> > You problem is that recursion is off in the external view.
> >
>
> thanks for the pointer. i see the problem now.
>
> what is best practice? Have recursion on in external views or leave it off
> so that external hosts cannot use our server for lookups and have an
> allow_recursion list in the options, which would specify our nameserver?
>
> cheers,
>
> adrian
You can use a acl w/ allow-recursion or allow-query (if you use
allow-query don't forget to specify allow-query { any; }; in the
zone definitions).
Mark
>
>
> > Mark
> > --
> > Mark Andrews, Internet Software Consortium
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
> >
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list