allow-query for a zone
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Jan 17 08:44:08 UTC 2012
>>Whether you set allow-query to none, or remove the zone statement,
>>clients will get an error when they try to query the zone.
On 17.01.12 14:13, Jeff Peng wrote:
>There is a difference when you develop a web interface for DNS system.
>A user can "pause" the domain from web interface, if we remove the
>zone and records from BIND files, how will we do if user choose to
>enable the domain?
Simply: instead of adding "allow-notify {none;};" when the user pauses a
zone, you remove the whole zone definition from the config file. When the user
unpauses, you re-add the zone to the BIND config.
>But with allow-query none, only adding a statement we can "pause" the
>domain for querying, but can re-enable it by removing this statement
>later.
The zone can stay on disk, in database etc, even when "paused".
You still need to edit the config file, so there's not a big difference.
There's one Barry mentioned: with allow-query none, anyone who queries
will get REFUSED; when you remove the zone definition, they'll get
SERVFAIL or maybe NXDOMAIN.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Depression is merely anger without enthusiasm.
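
The two ways of "pausing" a zone discussed in this thread, as an added example that is not part of the original message: a web interface can regenerate the zone stanzas from its own records, either keeping a paused zone with `allow-query { none; };` or leaving its stanza out. The function names, the `zones/<name>.db` path layout and `type master` are assumptions for illustration; the zone name is validated so that a value typed into the interface cannot inject configuration syntax.

```python
import re

# Conservative hostname pattern: a zone name coming from the web UI must not
# be able to carry quotes, braces or semicolons into named.conf.
_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_ZONE_RE = re.compile(rf"{_LABEL}(\.{_LABEL})*")


def render_zone(name, paused, strategy="refuse"):
    """Return the named.conf stanza for one zone, or "" if it is omitted.

    strategy="refuse": a paused zone stays defined, with allow-query { none; }
    strategy="remove": a paused zone is left out of the config entirely
    Either way the zone data file stays where it is.
    """
    if strategy not in ("refuse", "remove"):
        raise ValueError(f"unknown strategy: {strategy!r}")
    name = name.lower().rstrip(".")
    if len(name) > 253 or not _ZONE_RE.fullmatch(name):
        raise ValueError(f"invalid zone name: {name!r}")
    if paused and strategy == "remove":
        return ""
    lines = [
        f'zone "{name}" {{',
        "    type master;",
        f'    file "zones/{name}.db";',  # assumed path layout
    ]
    if paused:
        lines.append("    allow-query { none; };")
    lines.append("};")
    return "\n".join(lines) + "\n"


def render_config(zones, strategy="refuse"):
    """zones: iterable of (name, paused) pairs, e.g. rows from the UI's database."""
    return "".join(render_zone(n, p, strategy) for n, p in sorted(zones))


if __name__ == "__main__":
    # Constructed sample data: one active zone, one paused zone.
    sample = [("example.com", False), ("paused.example", True)]
    print(render_config(sample, "refuse"))
    print(render_config(sample, "remove"))
```

After writing the generated file, `rndc reconfig` makes named pick up the changed zone list.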