[sclug] BIND 9 returns empty response instead of REFUSED for non-hosted zones
Simon Huggins
huggie at earth.li
Fri Nov 7 13:57:38 UTC 2008
On Fri, Nov 07, 2008 at 01:34:13PM +0000, Simon Huggins wrote:
> On Fri, Nov 07, 2008 at 01:51:33PM +0100, Simon Heywood wrote:
> > I can't work out why the second request isn't replied to with an error
> > code, but I suspect that it's something to do with ns0 being configured
> > to allow recursive requests from certain IP addresses, using views.
> > view "recursion" {
> > match-clients { recursion; };
> > recursion yes;
> > // root zone hints and local zone declarations
> > }
> > view "public" {
> > match-clients { any; };
> > recursion no;
> > // public zone declarations
> > }
> I've not played with views.
> How about:
> allow-recursion { some-hosts-here; };
> allow-query { some-hosts-here; };
> in the options stanza and allow-query { all; }; in each zone you really
> do want to be public.
> You might be able to have allow-query { all; }; in the options but I
> can't remember if that DTRT without testing it.
> Does that do what you want?
Oh, without the views I mean.
--
Simon [ huggie at earth.li ] *\ "Fun, fun, fun, in the sun, sun, \**
****** ]-+-+-+-+-+-+-+-+-[ **\ sun..." \*
****** [ Htag.pl 0.0.24 ] ***\ \
More information about the Sclug
mailing list