recursion

[Cricket Liu]

Glenn Vidad wrote:
> is the log file the only place to look at to see if allow-recursion is
> working?
> i setup allow-recursion with my internal ips in them, stopped and
> started bind, and i see "denied recursion" messages in my log files...
> ...but i thought i would've been able to run dig's against our
> nameservers from a system not in the allow-recursion list and expect
> no results. i ran dig @ns1.domain.com domain2.com (from an outside
> iop) before and after 
> 
> placing the allow-recursive entry in my named.conf and the results
> stayed the same.  is that right?

You should still get a response, but the response should be a
referral if the name server isn't authoritative for the zone that
contains the answer.

If you'd showed us the real command you typed, instead of
this domain.com crap, as well as the output, we could have
been more helpful.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, available now!
http://www.oreilly.com/catalog/dnsbindckbk/