allow-query and views
Robert Moskowitz
rgm at htt-consult.com
Thu Feb 21 17:53:26 UTC 2013
On 02/21/2013 11:50 AM, Vernon Schryver wrote:
>>> correct, no external hosts should query your cache.
>>>
>> OK.
> There is no substitute for testing assumptions, mailing list assurances,
> understandings of documentation, etc. Test from outside your network
> to see that your DNS servers don't answer requests they shouldn't and
> answer those they should as they should (e.g. with(out) consulting the
> cache).
I have external testing via my Verizon phone's WiFi hotspot. Very handy.
> Don't forget to check `dig @whatever chaos txt version.bind` whether
> your preference is to publish your version, hostname, and server-ID
> or not. Restrictions such as allow-query{} in the main options{}
> statement can turn off the hidden "_bind" view defined in
> bin/named/config.c.
Whoa... This is news. A hidden view? Where is this documented? I
have no restrictions in my general options section. Figured that the
specific view ones were all that was needed. Now I am upset.
> https://www.google.com/search?q=dig+command+web
> finds at least three web pages with loose enough parsing to allow not
> only simply requests for A records but poking at chaos, so you don't
> need to pay for a shell account somewhere or rely on charity.
thanks
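
The outside-in checks recommended in the quoted advice, as an added example that is not part of the original message: shell functions that classify `dig` output captured from an external vantage point. The function names, verdict strings and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig` output captured from outside the network.
#   dig @SERVER NAME-YOU-ARE-NOT-AUTHORITATIVE-FOR A | classify_recursion
#   dig @SERVER chaos txt version.bind               | classify_version

# Constructed sample outputs (not taken from any real server).
SAMPLE_CACHE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.org. 300 IN A 192.0.2.10'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_VERSION=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.x-constructed"'

# Response code from the ";; ->>HEADER<<-" line.
dig_status() { sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# Query for a name the server is NOT authoritative for: any non-"aa"
# answer means an outside client got data from the cache or recursion.
classify_recursion() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
    case " $flags " in *" aa "*) aa=yes ;; *) aa=no ;; esac
    if [ "$status" = NOERROR ] && [ "${answers:-0}" -gt 0 ] && [ "$aa" = no ]; then
        echo "cache-exposed"
    elif [ "$status" = REFUSED ]; then
        echo "refused"
    else
        echo "other:${status:-no-reply}"
    fi
}

# version.bind in class CH: report the TXT string if one is returned.
classify_version() {
    out=$(cat)
    txt=$(printf '%s\n' "$out" |
        sed -n 's/^version\.bind\..*[[:space:]]CH[[:space:]]*TXT[[:space:]]*"\(.*\)"$/\1/p' | head -n 1)
    if [ -n "$txt" ]; then
        echo "published:$txt"
    else
        echo "not-published:$(printf '%s\n' "$out" | dig_status)"
    fi
}
```

Run both checks from a host outside your network and compare each verdict with what you intended the configuration to do.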