allow-query for a zone

John Wobus jw354 at cornell.edu
Fri Jan 20 17:23:48 UTC 2012


> Actually, I just realized a possible counterexample: if the zone is a
> subzone of another zone that the server hosts, the type of error depends
> on the strategy used.  With the zone statement, the error will be
> REFUSED; without the zone statement, it will be SERVFAIL because of the
> lame delegation to itself.

And if it's your caching server, and the zone is delegated elsewhere,
depending upon whether the zone is configured as discussed
(allow-query=none) or not configured at all, you are giving your clients
a REFUSED or you are answering them with cached data.  One possible way
to implement policy, e.g. to make it less likely to reach known phishing
sites.

John Wobus
Cornell
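
Added example, not part of the original post or of BIND itself: a small generator that turns a domain blocklist into zone statements carrying allow-query { none; }, so a caching server answers REFUSED for those names as described above. The "type master" line, the zone file path and the sample domains are assumptions made for illustration.

```python
import re

# Assumption: a minimal zone file (SOA + NS only) exists at this path; not from the post.
EMPTY_ZONE_FILE = "/etc/bind/db.blocked"

# One DNS label in hostname form: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(name):
    """Return the lowercased name without trailing dot, or None if it is not a safe hostname."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    # Strict validation also keeps quotes, braces and semicolons out of named.conf.
    return name if all(LABEL.fullmatch(l) for l in labels) else None

def covered_by(name, zones):
    """True if a parent of name is already listed; that zone's REFUSED covers the subtree."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in zones for i in range(1, len(labels)))

def build_zones(blocklist):
    """Return (sorted zone names to emit, rejected input lines)."""
    valid, rejected = set(), []
    for raw in blocklist:
        name = normalize(raw)
        if name is None:
            rejected.append(raw)
        else:
            valid.add(name)
    return sorted(n for n in valid if not covered_by(n, valid)), rejected

def render(zones):
    """Render one zone statement per name, each refusing every query."""
    stanza = 'zone "{0}" {{\n    type master;\n    file "{1}";\n    allow-query {{ none; }};\n}};\n'
    return "\n".join(stanza.format(z, EMPTY_ZONE_FILE) for z in zones)

# Constructed sample input (reserved example domains, not real indicators).
SAMPLE = ["Login.Phish.example.", "phish.example", "bad.test", 'x.test"; };', "localhost"]

if __name__ == "__main__":
    zones, rejected = build_zones(SAMPLE)
    print(render(zones))
    print("# rejected:", rejected)
```

Rejected lines are returned rather than silently dropped so that a malformed blocklist entry is noticed before the include file is reloaded.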


