On 3/28/23 6:30 AM, Matus UHLAR - fantomas wrote:
> Great, this means that only clients with those IP addresses can query your server for non-local information.

I used to think the same thing.

Then I learned that I needed to also add similar configuration for `allow-query {...};` and `allow-query-cache {...};`.

The `allow-query-cache {...};` actually bit me because people were able to get the result of recursion if it was in the cache.

   allow-recursion   { recclients; };
   allow-query       { recclients; };
   allow-query-cache { recclients; };

Something to consider.



--
Grant. . . .
unix || die
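
An added example, not part of the message above and not ISC's code: a small audit that reads named.conf text and reports which of the three directives are missing from the global `options` block or use a different ACL than `allow-recursion`. The function names and the 192.0.2.0/24 network are assumptions made for the illustration; `view` blocks and nested `{ }` inside an address list are not handled.

```python
import re

DIRECTIVES = ("allow-recursion", "allow-query", "allow-query-cache")
# named.conf comment styles: /* */, // and #. Simplified: quoted strings are not special-cased.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)

def options_block(text):
    """Return the body of the first options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def audit(conf):
    """Map each directive to its sorted ACL elements, or None if absent."""
    body = options_block(COMMENTS.sub("", conf))
    found = {}
    for name in DIRECTIVES:
        m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}\s*;" % re.escape(name), body)
        found[name] = (sorted(e.strip() for e in m.group(1).split(";") if e.strip())
                       if m else None)
    return found

def findings(conf):
    """List directives that are missing or differ from allow-recursion."""
    acls = audit(conf)
    ref = acls["allow-recursion"]
    out = ["%s is not set explicitly" % n for n in DIRECTIVES if acls[n] is None]
    out += ["%s %s differs from allow-recursion %s" % (n, acls[n], ref)
            for n in DIRECTIVES[1:] if ref is not None and acls[n] not in (None, ref)]
    return out

# Constructed samples: PARTIAL restricts recursion only, FULL uses the message's three lines.
PARTIAL = """acl recclients { 192.0.2.0/24; localhost; };
options {
    allow-recursion { recclients; };  // recclients is the ACL name from the message
};"""
FULL = PARTIAL.replace("allow-recursion { recclients; };", """allow-recursion   { recclients; };
    allow-query       { recclients; };
    allow-query-cache { recclients; };""")

if __name__ == "__main__":
    for label, conf in (("partial", PARTIAL), ("full", FULL)):
        print(label, findings(conf) or "all three set to the same ACL")
```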
