query cache and BIND 9.4.1-P1
Andris Kalnozols
andris at hpl.hp.com
Fri Jul 27 19:59:18 UTC 2007
> I realize that we're basically saying the same thing - explicitly allow
> recursion, or explicitly allow queries. However, the point is that with
> this release, admins may well have to make a change to named.conf in
> order to continue providing a recursive nameserver.
>
> Jeff Reasoner
Also, you want to be careful not to accidentally provide an open
recursive nameserver when upgrading to 9.4.X. I was refusing
outside queries with this configuration in the "options" statement
on the DNS resolver used by internal clients:
recursion yes;
allow-query ( trusted-nets; };
After upgrading to 9.4.0, all I was refusing were queries to my
authoritative zones. All other queries from the Internet were
being serviced. Adding "allow-query-cache ( trusted-nets; };"
put the nameserver back to its previous behavior.
------
Andris
More information about the bind-users
mailing list