Recursive query

Barry Margolin barmar at alum.mit.edu
Mon Aug 15 23:26:55 UTC 2005


In article <ddqic0$1b49$1 at sf1.isc.org>,
 Hisham Al Saad <hisham.alsaad at gmail.com> wrote:

> Hi,
> 
> I'm running BIND 9.2.5 on a Linux server; currently recursion is
> allowed for all. I need to allow it to do global recursive queries
> only from my specific set of authorized networks (clients).
> At the same time I need to allow all foreign addresses to query my local zones.
> Is all I have to do here to add an allow-recursion statement
> and list all my networks?

That will work.  However, it has a drawback: if one of the authorized 
hosts performs a recursive query, and then one of the unauthorized hosts 
tries to look up that record, the latter query will be satisfied from 
the cache (because the server doesn't need to do any recursion).

A more complete solution is to use allow-query in the global options, 
listing your authorized networks.  Then in each public zone section add 
'allow-query { all; };'.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
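
The two approaches from this thread, laid out as one named.conf fragment; this is an added example, not configuration posted by either participant. The ACL name, the networks (documentation ranges), the zone name and the file paths are constructed placeholders, and the zone uses BIND's built-in `any` ACL where the reply writes `all`.

```conf
// Added example. Networks, names and paths below are constructed placeholders.
acl "trusted" {
    192.0.2.0/24;       // constructed: first authorized client network
    198.51.100.0/24;    // constructed: second authorized client network
    localhost;
};

options {
    directory "/var/named";          // assumed path

    // Approach from the question: restrict who may trigger recursion.
    // With only this line, a name already cached through a trusted
    // client's lookup is still answered to unauthorized hosts, because
    // answering from the cache needs no recursion.
    allow-recursion { "trusted"; };

    // Approach from the reply: make the default query ACL the trusted
    // networks. This applies to every query that is not for a zone with
    // its own allow-query, which includes answers served from the cache.
    allow-query { "trusted"; };
};

// Public authoritative zone: override the global allow-query so that
// foreign addresses can still query it. Repeat this for each public zone.
zone "example.com" {                 // constructed zone name
    type master;
    file "example.com.zone";         // assumed file name
    allow-query { any; };            // "any" is BIND's built-in match-all ACL
};
```

Run `named-checkconf` on the file before reloading the server. BIND 9.4 and later also provide `allow-query-cache`, which restricts cache answers directly; it is not available in the 9.2.5 release discussed here.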


