In article <mailman.1592.1362422631.11945.bind-us...@lists.isc.org>, Verne Britton <ve...@wvnet.edu> wrote:
> I have been testing and testing and either just don't see what I'm doing > wrong, or have a learning block :-) > > current thinking is that a open recursion DNS server is bad, so we want to > implement an allow-recursion clause; perhaps even make some views so our > local users still recurse while the general public cannot ... > > but I am running into a roadblock with our Google Apps cname: > > gmail.wvstateu.edu is a cname to ghs.google.com > > and bind wants recursion turned on in order to translate it. What's the problem? If the query comes from a local user, recursion will be allowed, and the CNAME will be resolved. If the query comes from a remote resolver, recursion shouldn't even be requested. You'll respond with the CNAME, and the remote resolver will then do its own lookup of that. -- Barry Margolin Arlington, MA _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
