allow-query for a zone

Warren Kumari warren at kumari.net
Tue Jan 17 18:46:40 UTC 2012


On Jan 17, 2012, at 3:44 AM, Matus UHLAR - fantomas wrote:

>>> Whether you set allow-query to none, or remove the zone statement,
>>> clients will get an error when they try to query the zone.
> 
> On 17.01.12 14:13, Jeff Peng wrote:
>> There is a difference when you develop a web interface for a DNS system.
>> A user can "pause" the domain from the web interface. If we remove the zone and records from the BIND files, what will we do if the user chooses to enable the domain?
> 
> Simply: instead of adding "allow-notify {none;};" when the user pauses a zone, you remove the whole zone definition from the config file.


Or simply comment out the zone definition:

// example.com -- Zone stanza generated by WebUI
   zone "example.com" {
       type master;
       file "/etc/namedb/example.com";
   };


> When the user unpauses, you will re-add the zone to the BIND config

// example.com -- Zone stanza generated by WebUI - paused.
//REMOVE_TO_UNPAUSE//   zone "example.com" {
//REMOVE_TO_UNPAUSE//        type master;
//REMOVE_TO_UNPAUSE//        file "/etc/namedb/example.com";
//REMOVE_TO_UNPAUSE//    };


> 
>> But with allow-query none, by only adding a statement we can "pause" the domain for querying, and can re-enable it by removing this statement later.
> 
> The zone can stay on disk, in database etc, even when "paused".
> 
> You still need to edit the config file, so there's no big difference.
> 
> There's one Barry mentioned: with allow-query none, anyone who queries will get REFUSED; when you remove the zone definition they'll get SERVFAIL or maybe NXDOMAIN.
> 
> 
> -- 
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> Depression is merely anger without enthusiasm.
> 
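
The comment-out approach from the message above, sketched as an added example (not code from the thread or from BIND). The function names, the zone-name check and the second zone in the sample are assumptions; it expects stanzas laid out as in the message, with the closing `};` on its own line and no multi-line nested blocks.

```python
import re

MARKER = "//REMOVE_TO_UNPAUSE//"  # comment prefix used in the message above
# Letters, digits, dots and hyphens only: a name typed into the web UI can
# never carry quotes, braces or newlines into named.conf.
ZONE_NAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample config; example.org is an assumed second zone.
SAMPLE = '''// example.com -- Zone stanza generated by WebUI
   zone "example.com" {
       type master;
       file "/etc/namedb/example.com";
   };
   zone "example.org" {
       type master;
       file "/etc/namedb/example.org";
   };
'''

def _toggle(conf, zone, pause):
    if not ZONE_NAME.fullmatch(zone):
        raise ValueError("invalid zone name: %r" % zone)
    # An active stanza starts with bare "zone"; a paused one with the marker.
    lead = "" if pause else re.escape(MARKER)
    start = re.compile(r'%s\s*zone\s+"%s"\s*\{' % (lead, re.escape(zone)), re.I)
    end = re.compile(r"%s\s*\};\s*$" % lead)
    out, inside, found = [], False, False
    for line in conf.splitlines():
        if not inside and start.match(line):
            inside = found = True
        if inside:
            if not pause and not line.startswith(MARKER):
                raise ValueError("unmarked line inside paused stanza")
            closing = end.match(line) is not None
            line = MARKER + line if pause else line[len(MARKER):]
            inside = not closing
        out.append(line)
    if not found or inside:
        raise LookupError("no complete %s stanza for %s"
                          % ("active" if pause else "paused", zone))
    return "\n".join(out) + "\n"

def pause_zone(conf, zone):
    """Comment out the zone's stanza; other stanzas are left untouched."""
    return _toggle(conf, zone, pause=True)

def unpause_zone(conf, zone):
    """Strip the marker again, restoring the original stanza."""
    return _toggle(conf, zone, pause=False)
```

Running `named-checkconf` on the rewritten file before reloading the server catches a stanza that was left half-commented.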



