allow query or recursive?

Noel Butler noel.butler at ausics.net
Tue Jun 2 22:29:13 UTC 2009


On Tue, 2009-06-02 at 13:08 +1000, dantian.ap at optusnet.com.au wrote:

> Hi,
> I have a bind server I now use as a caching.
> 
> In allowing my work desktop to access I found that it was being refused using allow-query, but if I add it to recursion it works. Have I misunderstood the use of allow-query? The BIND Admin Manual seems to say what I thought: use it to allow those to query your server.
> 
> acl "trust" { localhost; localnets; 192.168.0.0/24; 202.149.56.199; };
> options {
>         directory "/var/named/zones";
>         allow-query { trust; };
>         allow-query-cache  { trust; };
>         allow-transfer { none; };
>         allow-recursion { admin; };
>         listen-on { any; };
>         transfer-format many-answers;
>         interface-interval 0;
> };
> 
> 
> Now this works well for LAN, but 202.149.. cannot get an answer. If I change ACL admin to trust it works (only difference between them is 202 IP is not in admin).
> 
> So this I ask: does this mean allow-query is useless nowadays?
> Or is this only of any use if my server is also authoritative?
> Do I even need query since recursive decides who can query my server?


Chris summed it up well, so basically, remove the recursion control. Yes,
it defaults to allowing "any", but since your allow-query already guards
who can ask and get answers and who won't get answers, you don't really
need it; it's overcomplicating your setup.
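
An added example, not part of either message and not ISC code: a small Python check that reports which `allow-*` lists in a `named.conf` fragment match a given client, which makes the mismatch described in the question visible. The `admin` acl is constructed from the poster's description, the expansion of `localhost` and `localnets` is an assumption about the host, and only plain names and addresses are handled (no `!` negation or keys).

```python
import ipaddress
import re

# Constructed sample: the options from the post, plus an "admin" acl written
# from the poster's description (same as "trust" but without 202.149.56.199).
NAMED_CONF = '''
acl "trust" { localhost; localnets; 192.168.0.0/24; 202.149.56.199; };
acl "admin" { localhost; localnets; 192.168.0.0/24; };
options {
        allow-query { trust; };
        allow-query-cache  { trust; };
        allow-transfer { none; };
        allow-recursion { admin; };
};
'''

# Assumption: what the built-in ACLs resolve to on this host. "localnets"
# depends on the server's interfaces, so it is supplied by hand here.
BUILTIN = {"localhost": ["127.0.0.1", "::1"], "localnets": ["192.168.0.0/24"],
           "any": ["0.0.0.0/0", "::/0"], "none": []}

def parse(conf):
    """Return (acls, options), each mapping a name to its list elements."""
    def grab(pattern):
        return {name: [e.strip() for e in body.split(";") if e.strip()]
                for name, body in re.findall(pattern, conf)}
    return (grab(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}'),
            grab(r'(allow-[\w-]+)\s*\{([^}]*)\}'))

def matches(ip, elements, acls, seen=()):
    """True if ip is covered by any element; named ACLs are expanded."""
    for el in elements:
        if el in acls:
            if el not in seen and matches(ip, acls[el], acls, seen + (el,)):
                return True
        elif ip in ipaddress.ip_network(el, strict=False):
            return True
    return False

def audit(client, conf=NAMED_CONF):
    """Map each allow-* option to whether the client is in its list."""
    acls, opts = parse(conf)
    acls = {**BUILTIN, **acls}
    ip = ipaddress.ip_address(client)
    return {opt: matches(ip, els, acls) for opt, els in opts.items()}

if __name__ == "__main__":
    for client in ("192.168.0.10", "202.149.56.199"):
        print(client, audit(client))
```

A client that is matched by `allow-query` and `allow-query-cache` but not by `allow-recursion` is the case the poster hit with the 202 address.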
