On 6/12/2012 10:16 AM, Vernon Schryver wrote:
From: Ken A<k...@pacific.net>
To: dns-operati...@mail.dns-oarc.net

On an authoritative + recursive server, instead of a separate view, we use:
acl "trusted" { x.x.x.x/z; };
allow-recursion { trusted; };

Is there any way to apply this patch so that it does not affect a
specific acl, such as "trusted" addresses?

Or, is it recommended/required that we configure separate views to use this?

Separate views are required to apply rate limiting to some but not
all DNS clients, unless you are of the school that holds
authoritative+recursive servers are always utterly wrong.  In that
case separate servers are required.

We are a small ISP, and it has not been necessary.
We do run separate caching servers for mail server use.

Would it be easy to transform your configuration file to use views via
the include directive?  My named.conf files look something like

     view "insiders" {
            match-clients { goodnets; };
            recursion yes;
            include "privatezones";
            include "publiczones";
            response-policy {
                ...
            };
     };
     view "outsiders" {
            match-clients { any; };
            recursion no;
            include "publiczones";
            rate-limit { ... };
     };


Yes, only straightforward / minor changes would be needed.
Thanks,
Ken


Vernon Schryver    v...@rhyolite.com


--
Ken Anderson
Pacific Internet - http://www.pacific.net
Latest Pacific.Net Status - http://twitter.com/pacnetstatus
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
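
A small audit of the view layout described in this thread, as an added example that is not part of the original messages: it parses `view` blocks from named.conf text and flags any view open to all clients that does not set `recursion no`, lacks a `rate-limit` block, or precedes other views (BIND uses the first view a client matches). The function names and the sample configuration are constructed for illustration, and the parser assumes no braces inside comments or quoted strings.

```python
import re

# Constructed sample in the shape of the configuration quoted in the thread;
# the ACL name and the empty rate-limit body are placeholders, not tuned values.
SAMPLE = '''
view "insiders" {
    match-clients { goodnets; };
    recursion yes;
    include "privatezones";
};
view "outsiders" {
    match-clients { any; };
    recursion no;
    include "publiczones";
    rate-limit { };
};
'''

def parse_views(conf):
    """Return [(name, body)] for each top-level view block, in file order."""
    views = []
    for m in re.finditer(r'\bview\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        views.append((m.group(1), conf[m.end():i - 1]))
    return views

def audit(conf):
    """Flag views that serve every client without the outsider restrictions."""
    findings, views = [], parse_views(conf)
    for pos, (name, body) in enumerate(views):
        mc = re.search(r'match-clients\s*\{([^}]*)\}', body)
        # A view with no match-clients statement matches every client.
        open_to_all = mc is None or "any" in re.findall(r'[\w.:/!-]+', mc.group(1))
        if not open_to_all:
            continue
        if not re.search(r'\brecursion\s+no\s*;', body):
            findings.append(f"{name}: does not set recursion no")
        if not re.search(r'\brate-limit\s*\{', body):
            findings.append(f"{name}: no rate-limit block")
        if pos < len(views) - 1:                # first matching view wins
            findings.append(f"{name}: matches any client, so later views are unreachable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```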
