[sclug] BIND 9 returns empty response instead of REFUSED for non-hosted zones
Simon Huggins
huggie at earth.li
Fri Nov 7 13:34:13 UTC 2008
On Fri, Nov 07, 2008 at 01:51:33PM +0100, Simon Heywood wrote:
> I can't work out why the second request isn't replied to with an error
> code, but I suspect that it's something to do with ns0 being configured
> to allow recursive requests from certain IP addresses, using views.
> view "recursion" {
> match-clients { recursion; };
> recursion yes;
> // root zone hints and local zone declarations
> }
> view "public" {
> match-clients { any; };
> recursion no;
> // public zone declarations
> }
I've not played with views.
How about:
allow-recursion { some-hosts-here; };
allow-query { some-hosts-here; };
in the options stanza and allow-query { all; }; in each zone you really
do want to be public.
You might be able to have allow-query { all; }; in the options but I
can't remember if that DTRT without testing it.
Does that do what you want?
Simon.
--
oOoOo But what if Sarris survives? - Mathesar oOoOo
oOoOo Oh, I don't think so. I gave him both barrels. - Jason oOoOo
oOoOo Galaxy Quest. oOoOo
htag.pl 0.0.24 ::::::: http://www.earth.li/~huggie/
More information about the Sclug
mailing list