following up on earlier comment, i poked at acls + recursion/query allows

modifying config

edit `named.conf`
```
view "internal" {
        match-clients {
                !key ...;
                key ...;
                acl_local_lan;
                localhost;
        };

        recursion yes;

        allow-query  { acl_local_lan; localhost; };
        allow-query-cache  { acl_local_lan; localhost; };
-       allow-recursion  { any; };
+       allow-recursion  { acl_local_lan; localhost; };
+       allow-recursion-on  { any; };
+       allow-query-cache-on  { any; };
```
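Review bot: the three changed lines at the end of the hunk are applied together, so the `dig` result that follows cannot show which of them made the difference. The two added `-on` lines set `{ any; }`, which is already the effective value in BIND when `allow-recursion-on` and `allow-query-cache-on` are omitted, so they are likely redundant. Suggest reverting those two and retesting with only `allow-recursion { acl_local_lan; localhost; };` changed. Also note that a query sent to `@::1` only exercises the `localhost` entry, so a second test from a host in `acl_local_lan` would be needed to confirm that path.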

does the trick. now,

```
$ named -v
        BIND 9.21.15 (Development Release) <id:noscm>

$ dig A isc.org @::1

        ; <<>> DiG 9.21.15 <<>> A isc.org @::1
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63799
        ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 4096
        ; COOKIE: 0543abf580350cf201000000691e350ef8cf2de12853d4e4 (good)
        ;; QUESTION SECTION:
        ;isc.org.                       IN      A

        ;; ANSWER SECTION:
        isc.org.                300     IN      A       151.101.194.217
        isc.org.                300     IN      A       151.101.2.217
        isc.org.                300     IN      A       151.101.66.217
        isc.org.                300     IN      A       151.101.130.217

        ;; Query time: 258 msec
        ;; SERVER: ::1#53(::1) (UDP)
        ;; WHEN: Wed Nov 19 16:22:22 EST 2025
        ;; MSG SIZE  rcvd: 128
```

need to double-check, but suspect only `allow-recursion` is relevant.

so that's the "what".

i'm unclear still on the "why".

"{any;}" should be INclusive of "{ acl_local_lan; localhost; };", no?