On 02/21/2013 02:16 PM, Vernon Schryver wrote:
The ARM says in part:
Built-in server information zones
The server provides some helpful diagnostic information through a
number of built-in zones under the pseudo-top-level-domain bind
in the CHAOS class. These zones are part of a built-in view (see
the section called "view Statement Grammar") of class CHAOS which
is separate from the default view of class IN; therefore, any
global server options such as allow-query do not apply to these
zones. If you feel the need to disable these zones, use the options
below, or hide the built-in CHAOS view by defining an explicit
view of class CHAOS that matches all clients.
Now that I read what I wrote, I see that it's wrong.
I found and just now verified that options{allow-query{}} affects
the _bind view at least in 9.10.0pre-alpha with the rrl and rpz2
patches. I found that feature (or perhaps bug) when I decided to
stop hiding the version I use lest anyone think I don't do what I
advocate with BIND patches.
I don't know whether the bug is in the ARM or the code. If you
pick one, I can argue the other.
Well my named.conf now has in general options:
    allow-query { localhost; };
    allow-query-cache { localhost; };
    recursion no;
And no access to the chaos zone from my testing out on the internet.
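
One way to check the result reported above from an outside vantage point, as an added example that is not part of the original messages or of BIND: it builds the CHAOS-class TXT question for `version.bind` (one of the built-in zones the ARM passage describes) and classifies a reply. The function names and both sample replies are constructed for illustration, and the REFUSED sample is an assumption about how a blocked query would be answered.

```python
import struct

TYPE_TXT, CLASS_CH = 16, 3
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name="version.bind", qid=0x1234):
    """CHAOS-class TXT query, the same question `dig ch txt version.bind` asks."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # 1 question, no flags
    return header + labels + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def classify_response(msg):
    """Return (rcode name, list of TXT strings) from a reply to build_query()."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        off = skip_name(msg, off) + 4
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == TYPE_TXT and pos < len(rdata):   # <len><bytes> strings
            texts.append(rdata[pos + 1:pos + 1 + rdata[pos]].decode("ascii", "replace"))
            pos += 1 + rdata[pos]
    return RCODES.get(flags & 0xF, str(flags & 0xF)), texts

def chaos_view_exposed(msg):
    """True when the server answered the CHAOS query with data."""
    rcode, texts = classify_response(msg)
    return rcode == "NOERROR" and bool(texts)

# Constructed sample replies (not captured traffic); "example" is a placeholder.
QUESTION = build_query()[12:]
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + QUESTION
ANSWERED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + QUESTION
                  + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, 8)
                  + b"\x07example")
```

To run it against your own server, send `build_query()` over UDP port 53 from a host outside the allowed ACL and pass the reply bytes to `chaos_view_exposed()`.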