allow-query and views

Vernon Schryver vjs at rhyolite.com
Thu Feb 21 16:50:17 UTC 2013


> > correct, no external hosts should query your cache.
> >
> OK.

There is no substitute for testing assumptions, mailing list assurances,
understandings of documentation, etc.  Test from outside your network
to see that your DNS servers don't answer requests they shouldn't and
answer those they should as they should (e.g. with(out) consulting the
cache).

Don't forget to check `dig @whatever chaos txt version.bind` whether
your preference is to publish your version, hostname, and server-ID
or not.  Restrictions such as allow-query{} in the main options{}
statement can turn off the hidden "_bind" view defined in
bin/named/config.c.


https://www.google.com/search?q=dig+command+web
finds at least three web pages with loose enough parsing to allow not
only simple requests for A records but poking at chaos, so you don't
need to pay for a shell account somewhere or rely on charity.


Vernon Schryver    vjs at rhyolite.com
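
Added example, not part of the original post: a small shell helper for the outside-in test the message describes, which classifies the replies `dig` gets for a cache lookup and for the `version.bind` query. The function names, the sample output and the host names in the usage comment are constructed placeholders.

```sh
#!/bin/sh
# Added example: interpret `dig` output gathered from a host OUTSIDE your network.

# classify_dig: read complete dig output on stdin, print one word:
#   refused   server declined the query (status REFUSED)
#   answered  NOERROR with at least one answer record
#   empty     NOERROR with no answer records (referral or no data)
#   no-reply  no response header at all (timeout, filtered)
#   other:X   any other status, e.g. other:SERVFAIL
classify_dig() {
    awk '
        index($0, "->>HEADER<<-") {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,/, "", status) }
        }
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,/, "", answers) }
        }
        END {
            if (status == "") print "no-reply"
            else if (status == "REFUSED") print "refused"
            else if (status != "NOERROR") print "other:" status
            else if (answers + 0 > 0) print "answered"
            else print "empty"
        }'
}

# check_server SERVER NAME: NAME must be a name SERVER is not authoritative
# for, so "answered" means the cache served an outside client.
check_server() {
    echo "cache lookup of $2: $(dig +time=3 +tries=1 @"$1" "$2" A | classify_dig)"
    echo "version.bind: $(dig +time=3 +tries=1 @"$1" chaos txt version.bind | classify_dig)"
}

# Constructed sample of dig output (not captured from a real server).
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

if [ "$#" -ge 2 ]; then
    check_server "$1" "$2"    # e.g. ./check.sh ns.example.net www.example.org
else
    echo "sample: $(sample_refused | classify_dig)"
fi
```

Run from outside the network, anything other than `answered` on the first line matches the advice quoted at the top of the message; the second line shows whether the `version.bind` choice you intended is the one actually in effect.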


