In article <h0253r$e4...@sf1.isc.org>, dantian...@optusnet.com.au
wrote:
> Hi,
> I have a bind server I now use as a caching.
>
> In allowing my work desktop to access i found that it was being refused using
> allow-query, but if i add it to recursion it works, have i mis-understood the
> use of allow-query? The Bind Admin Manual seems to say what I thought use it
> to allow those to query your server.
>
> acl "trust" { localhost; localnets; 192.168.0.0/24; 202.149.56.199; };
> options {
> directory "/var/named/zones";
> allow-query { trust; };
> allow-query-cache { trust; };
> allow-transfer { none; };
> allow-recursion { admin; };
> listen-on { any; };
> transfer-format many-answers;
> interface-interval 0;
> };
>
>
> Now this works well for LAN, but 202.149.. can not get answer, If I change
> ACL admin to trust it works (only difference between them is 202 IP is not in
> admin)
>
> So this I ask, does mean allow-query is useless now days?
> Or is this only of any use if my server is also authoritative ?
> Do I even need query since recursive decides who can query my server?
Allow-query allows the clients to query the zones that your server is
authoritative for.
Allow-recursion allows them to request recursion, which is needed to
look up names in remote zones.
Allow-query-cache allows them to query the data that's in the cache due
to some client previously requesting recursion.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
