high volume from outside our networks question
rich carroll
richcarroll at gmail.com
Wed Jan 30 21:35:43 UTC 2013
acl "trusted" {
xxx.xxx.xxx.0/20;
xxx.xxx.xxx.0/23;
xxx.xxx.xxx.0/22;
xx.xxx.xxx.0/23;
xx.xxx.xxx.0/23;
xx.xxx.xxx.0/23;
x.xx.xxx.0/21;
x.xx.xx.0/24;
xxx.xxx.xxx.0/24;
localhost;
localnets;
};
options {
// Relative to the chroot directory, if any
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
allow-recursion { "trusted"; };
allow-query { any; };
allow-query-cache { "trusted"; };
Its standard conf with the default stuff in it as well as a 24 zones or so
in it.
On Wed, Jan 30, 2013 at 3:30 PM, Steven Carr <sjcarr at gmail.com> wrote:
> So the response you received wasn't recursed ";; WARNING: recursion
> requested but not available", so at least that ACL is holding up, but
> it could be that the response you got is still being served from your
> DNS server's cache. Can you share the exact configuration statements
> you have implemented for allow-recursion and allow-query-cache and are
> these options in the view stanza or in the global options?
>
> Best practice is that authoritative and recursive DNS servers should
> be completely separate.
>
> Steve
>
--
Richard Carroll
richcarroll at gmail.com
785-288-1144
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130130/4a7d0dcb/attachment.html>
More information about the bind-users
mailing list