allow query / allow recursion confusion
Clenna Lumina
savagebeaste at yahoo.com
Tue Jun 26 14:36:10 UTC 2007
Niall O'Reilly wrote:
> On 25 Jun 2007, at 17:32, Clenna Lumina wrote:
>
>> Apparently it does (see above.) I've proven it already.
>
> Ehhm, no. 8-)
>
> Your suggested proof seems to depend on an unstated assumption
> that there is only one cache, shared by both views.
>
> Formally, neglecting to state this assumption makes your proof
> invalid. Of course, it soesn't follow that your conclusion is
> false.
Well, my whole basis for doing the test really came about from this:
Barry Margolin wrote ( Message-ID: <f5cl8n$3qr$1 at sf1.isc.org> )
> The main difference is that if someone is not in the "allow-recursion"
> ACL they'll be allowed to query data that is already in your server's
> cache. So if an internal user looks up www.google.com, external users
> will be able to look this up until the cached record expires (and in
> the case of a popular name like this, it will probably be in cache
> most of the time).
END QUOTE
So you see, the original spark of my inventigation never said anything
about caches being able to be seperated. I didn't actually know that. I
just appeared that 'recursion no;' in one view was doing the trick,
which it effectively does.
> IIRC (and it's a while since I've done the reading) each view
> uses a separate cache. If so, then your conclusion is actually
> false.
Yes I didn't know that. Had I, I would of never used that test.
--
CL
More information about the bind-users
mailing list