If I set this up as follow, it works.
view bind chaos {
recursion no;
allow-query { 127.0.0.1; none; };
zone authors.bind ch { type master; database "_builtin authors"; };
zone hostname.bind ch { type master; database "_builtin hostname"; };
zone version.bind ch { type master; database "_builtin version"; };
zone id.server ch { type master; database "_builtin id"; };
};
Queries from 127.0.0.1 are answered correctly, queries from anywhere else
are met with a REFUSED reply.
However, the answers show as coming from view "bind" in the statistics.
There is also a view named "_bind" which seems to serve those same zones.
(named won't start if I try to name the view "_bind".)
I can get answers from the zones in view "_bind" if I accept/reject via the
match-clients statement. If I also remove the zones from view "bind", it
returns a SERFAIL to queries for selected devices in that view of class
chaos. I think I understand this last one.
Setting recursion off does not seem to affect the warning message generated
by omitting the root hints zone for class chaos.
Bob
On Wed, Aug 26, 2015 at 5:50 AM, Bob McDonald <bmcdonal...@gmail.com> wrote:
> The warning is issued either way (with or without recursion specified).
> But I see the logic in not needing it if recursion is set to no.
>
> Thanks again,
>
> Bob
>
> On Wed, Aug 26, 2015 at 5:45 AM, Tony Finch <d...@dotat.at> wrote:
>
>> Bob McDonald <bmcdonal...@gmail.com> wrote:
>> >
>> > I'd still include the hint zone (as I'm partial to not having
>> unnecessary
>> > warnings on startup).
>>
>> The "recursion no" directive means you shouldn't have a hint zone in that
>> view. (I don't know if it will complain about the inconsistency.)
>>
>> > Also a lot of folks use localhost and/or localnets in DNS configuration.
>> > Just from a security standpoint, I prefer to be more specific. localhost
>> > and/or localnets can be much more template friendly, I know.
>>
>> I just used them as placeholders since they are used in the default ACLs
>> :-)
>>
>> Tony.
>> --
>> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
>> Viking, North Utsire: Easterly 4 or 5, increasing 6 at times. Slight or
>> moderate, but rough in southwest Viking. Showers later. Good, occasionally
>> poor later.
>>
>
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
