Hi Kevin,
I followed your advice and I explicitly added:
recursion yes;
allow-recursion { custnets; };
I'm using MRTG for interface bandwidth monitoring and Smokeping for time
response on queries and all look the same as before. So, so far so good!
Thank you!
Julian
----- Original Message -----
From: "Kevin Darcy" <k...@chrysler.com>
To: <bind-users@lists.isc.org>
Sent: Wednesday, March 10, 2010 4:54 PM
Subject: Re: recursion
On 3/10/2010 4:45 PM, ic.nssip wrote:
I've got the idea!
So even I have no statement "recursion yes", the server is still
recursive as time I dont specify "recursion no;"
It is going to make no difference if I'll add "recursion yes;" on
options.
No difference.
Is "localnets" a term I really need to use?
It's predefined. Read the ARM.
Currently I'm using an ACL defined for "acl custnets { x.x.x.x; };" and
"allow-query { custnets; };"
Should I change the name "custnets" to "localnets"?
If they're numerically the same thing, then it would just be a matter of
personal preference. If they're different, then it would depend on one's
implementation requirements whether it's ok to switch one for the other.
We don't have enough information about your implementation requirements to
give a definitive answer one way or the other.
Note that both "localnets" and "localhost" can change dynamically, if
network interfaces are brought up and/or taken down.
Is my customized name "custnets" going to affect recursion in any way if
I use it instead of "localnets"?
If running BIND 9.4.x or higher, "allow-query { custnets; }" will affect
one's allow-recursion default if "custnets" is (or _becomes_, as a result
of interfaces being brought up and/or taken down) in any way numerically
different from "{ localnets; localhost; }".
(Of course, a query that's REFUSED will never get a chance to recurse, but
one can override a *global* allow-query at the zone level, so it still
makes sense for allow-recursion to cross-inherit from allow-query)
If all of this is confusing, then I would recommend explicitly setting all
of them -- allow-query, allow-query-cache, allow-recursion. Then you don't
need to constantly guess at what is inheriting from where.
-
Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users