> From: Ken A <k...@pacific.net>
> To: dns-operati...@mail.dns-oarc.net
> On a authoritative + recursive server, instead of a separate view, we use:
> acl "trusted" { x.x.x.x/z; };
> allow-recursion { trusted; };
>
> Is there any way to apply this patch so that it does not affect a
> specific acl, such as "trusted" addresses?
>
> Or, is it recommended/required that we configure separate views to use this?
Separate views are required to apply rate limiting to some but not
all DNS clients, unless you are of the school that holds
authoritative+recursive servers are always utterly wrong. In that
case separate servers are required.
Would it be easy to transform your configuration file to use views via
the include directive? My named.conf files look something like
view "insiders" {
match-clients { goodnets; };
recursion yes;
include "privatezones";
include "publiczones";
response-policy {
...
};
};
view "outsiders" {
match-clients { any; };
recursion no;
include "publiczones";
rate-limit { ... };
};
Vernon Schryver v...@rhyolite.com
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
