allow query / allow recursion confusion

Barry Margolin barmar at alum.mit.edu
Tue Jun 26 03:43:51 UTC 2007


In article <f5psrm$1etd$1 at sf1.isc.org>,
 "Clenna Lumina" <savagebeaste at yahoo.com> wrote:

> Yet another reason to use "recursion " inside a view that uses 
> "match-clients " rather than adding allow-(recursion|query[-cache]) 
> statements in each one, unless you need each of those types set to 
> specific values.

If you're already using views and your recursion ACL matches your view 
ACL, then this is correct.  And because each view has its own cache, you 
don't have to use allow-query-cache to block access to the cache for 
non-recursers.

But if you're not using views, I don't think you would want to use them 
just to be able to allow/block recursion selectively.  This is what 
allow-recursion and allow-query-cache are for.

The view mechanism is likely to be appropriate for a server that's 
performing both split-DNS for the authoritative zones and caching DNS 
for the internal users.  The allow-recursion/allow-query-cache mechanism 
is likely to be best for caching-only servers.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
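
The two approaches compared in the message above, side by side as a named.conf sketch. This is an added example, not part of the original post; the ACL name `internal`, the 192.0.2.0/24 range, the example.com zone and the file paths are constructed placeholders.

```conf
# Constructed example: ACL name, address range, zone name and file
# paths are placeholders, not values from the thread.

acl internal { 127.0.0.1; 192.0.2.0/24; };

# --- Alternative A: caching-only server, no views -------------------
options {
    recursion yes;
    allow-recursion   { internal; };  # who may trigger recursive lookups
    allow-query-cache { internal; };  # who may read answers already cached
};

# --- Alternative B: split DNS plus caching, using views -------------
# Use instead of the options block above. Once views are in use,
# every zone statement must sit inside a view.
view "internal" {
    match-clients { internal; };
    recursion yes;                    # this view keeps its own cache
    zone "example.com" {
        type master;
        file "internal/example.com.db";
    };
};

view "external" {
    match-clients { any; };           # everyone not matched above
    recursion no;                     # authoritative answers only
    zone "example.com" {
        type master;
        file "external/example.com.db";
    };
};
```

In alternative B no allow-query-cache line is needed: external clients never reach the internal view's cache, which is the point made about per-view caches above.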


