allow-recursion for internal hosts resolves cached queries for externals.

Barry Margolin barry.margolin at level3.com
Wed Oct 15 18:33:32 UTC 2003


In article <bmk0a9$15uk$1 at sf1.isc.org>,
oliver bril <oliver_bril at hotmail.com> wrote:
>Here is the problem: 
>
>When an "internal" host resolves for instance hotmail.com this is
>cached by bind. When I resolve hotmail.com on an external host (not
>defined in the acl) it also resolves hotmail (I think because it's in
>its cache.)
>
>When I flush my cache and do the query from an external host to
>hotmail again it just says you should go to the root servers (which is
>good)
>
>Isn't this a bug, because as far as I understand the function shouldn't
>allow external hosts to resolve hotmail.com? (not even when it is in
>the DNS server's cache)

No, it doesn't allow them to initiate a recursive query.  If the answer is
already in the cache, no recursive query is being done.

You can accomplish what you want by using allow-query instead of
allow-recursion:

options {
  ...
  allow-query { internal; };
};

zone "firstdomain" {
  ...
  allow-query { any; };
};
zone "seconddomain" {
  ...
  allow-query { any; };
};

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
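
An added example, not part of the original post and not BIND code: a check to run from a host outside the "internal" ACL against your own server, sending a query with RD cleared and classifying the reply into the cases the thread describes (answer from cache, referral to the root servers, or REFUSED once allow-query is restricted). The function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Encode an A/IN query with RD cleared, so no recursion is requested."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(response):
    """Interpret the 12-byte DNS header of a reply."""
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:          # QR bit clear: not a response
        return "malformed"
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode == 5:
        return "refused"            # e.g. denied by allow-query
    if rcode == 0 and ancount > 0:
        return "authoritative" if aa else "cached-answer"
    if rcode == 0 and nscount > 0:
        return "referral"           # e.g. pointed at the root servers
    return "other"

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return classify(data)

def _header(flags, ancount, nscount):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, nscount, 0)

# Constructed reply headers, not captured traffic.
SAMPLES = {
    "cached, allow-recursion only": _header(0x8000, 1, 0),
    "flushed, allow-recursion only": _header(0x8000, 0, 13),
    "options allow-query { internal; }": _header(0x8005, 0, 0),
    "zone allow-query { any; }": _header(0x8400, 1, 0),
}

if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], sys.argv[2]))  # arguments: SERVER NAME
```

A "cached-answer" result for a name outside your own zones means external clients can still read the cache; after the allow-query change above the same probe should return "refused", while names in your own zones return "authoritative".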

