BIND 9.4.1-P1: "allow-query" and "allow-query-cache"

[Mark Andrews]

> I've recently gotten around to upgrading from BIND 8.3.7-REL to BIND  
> 9.4.1-P1.  I would like to have a better understanding of the "allow- 
> query" and "allow-query-cache" options.
> 
> Assuming that I have "allow-query { any; };" and "allow-query-cache  
> { none; };" set in the global options for a name server, what  
> information can an external system access on the name server?
> 
> I presume that the external system can access information regarding  
> any zone defined as "type master;".  Does this hold true when there  
> are no NS resource records identifying the name server as  
> authoritative for the zone?
> 
> Can external systems access information regarding any zone defined as  
> "type slave;"?  Again, does this hold true when there are no NS  
> resource records identifying the name server as authoritative for the  
> zone?

	master/slave zones inherit allow-query from the options /
	view level.

	I presume you mean no delegation to these servers rather
	than no NS records as the zones won't load without NS record.
	Lack of delegation has no impact on whether named will answer
	for the zone or not.  Only the contents of named.conf control
	that.

> What information is accessible for zones defined as "type stub;" and  
> "type forward;"?

	Stub zones prime the cache, forward zones only override where
	recursive queries are sent.  They aren't real zones.
 
> Merton Campbell Crockett
> m.c.crockett at roadrunner.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org