high volume from outside our networks question

rich carroll richcarroll at gmail.com
Wed Jan 30 21:35:43 UTC 2013


 acl "trusted" {
     xxx.xxx.xxx.0/20;
     xxx.xxx.xxx.0/23;
     xxx.xxx.xxx.0/22;
     xx.xxx.xxx.0/23;
     xx.xxx.xxx.0/23;
     xx.xxx.xxx.0/23;
     x.xx.xxx.0/21;
     x.xx.xx.0/24;
     xxx.xxx.xxx.0/24;
     localhost;
     localnets;
 };

options {
    // Relative to the chroot directory, if any
    directory    "/etc/namedb";
    pid-file    "/var/run/named/pid";
    dump-file    "/var/dump/named_dump.db";
    statistics-file    "/var/stats/named.stats";
    allow-recursion { "trusted"; };
    allow-query    { any; };
    allow-query-cache { "trusted"; };

It's a standard conf with the default stuff in it, as well as 24 zones or so.



On Wed, Jan 30, 2013 at 3:30 PM, Steven Carr <sjcarr at gmail.com> wrote:

> So the response you received wasn't recursed ";; WARNING: recursion
> requested but not available", so at least that ACL is holding up, but
> it could be that the response you got is still being served from your
> DNS server's cache. Can you share the exact configuration statements
> you have implemented for allow-recursion and allow-query-cache and are
> these options in the view stanza or in the global options?
>
> Best practice is that authoritative and recursive DNS servers should
> be completely separate.
>
> Steve
>



-- 
Richard Carroll
richcarroll at gmail.com
785-288-1144
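
Added example, not part of either poster's message: a small classifier for the reply header seen when an address outside the "trusted" ACL sends a recursive (RD=1) query for a name the server is not authoritative for, separating the "recursion not available" case Steve mentions from an answer still served out of cache. The headers are constructed sample data, and the function names and labels are this example's own.

```python
import struct

REFUSED = 5  # DNS RCODE 5

def build_header(rcode, ra, aa, ancount, nscount=0):
    """Constructed sample: 12-byte header of a response to an RD=1 query."""
    flags = 0x8000 | 0x0100 | (rcode & 0xF)      # QR=1, RD=1, RCODE
    flags |= (0x0400 if aa else 0) | (0x0080 if ra else 0)
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

def classify(msg):
    """Label a reply to an out-of-zone query sent from an untrusted address."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    ra, aa, rcode = bool(flags & 0x0080), bool(flags & 0x0400), flags & 0xF
    if ra:
        return "open-recursion"   # RA set: recursion is offered to this client
    if aa:
        return "authoritative"    # name is in a local zone; test with another name
    if rcode == REFUSED:
        return "refused"          # neither recursion nor cache data was served
    if rcode == 0 and ancount:
        return "cache-answer"     # RA clear, not authoritative, yet answers returned
    if rcode == 0 and nscount:
        return "referral"         # no answer, only NS records in the authority section
    return "other"

if __name__ == "__main__":
    samples = {                   # constructed headers, one per outcome
        "acl holding": build_header(REFUSED, ra=False, aa=False, ancount=0),
        "cache leak": build_header(0, ra=False, aa=False, ancount=2),
        "open resolver": build_header(0, ra=True, aa=False, ancount=1),
    }
    for name, hdr in samples.items():
        print(f"{name}: {classify(hdr)}")
```

dig prints ";; WARNING: recursion requested but not available" whenever RD was set in the query and RA is clear in the reply, so the "refused", "cache-answer" and "referral" outcomes all carry that warning and only the header fields tell them apart.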