James Stevens <[email protected]> wrote:
>
> Would it be reasonable for an authoritative-only DNS Server to reject / ignore
> / throttle requests with RD=1 ?

I think for quite a long time my toy DNS server (which runs with an
appalling hodge-podge of patches) was running with a config something
like...

    view rec {
        match-recursive-only yes;
        # stuff
    };
    view auth {
        recursion no;
        allow-recursion { none; };
        zone dotat.at { /* ... */ };
        # etc.
    };

The effect was that recursive queries went to the rec view then got
rejected by an ACL; RD=0 queries went to the auth view which served my
zone to all comers. The only problem I noticed was RD=1 health checks from
one of my secondaries. My config now has a match-clients clause in the rec
view which works better all round.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
promote human rights and open government
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
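
An added example, not part of the message above and not Tony's configuration: a simplified Python model of the view split he describes, reading the RD bit from the DNS header and picking the first view whose criteria match. The function names, the client addresses (documentation ranges) and the assumption that the later rec view keeps match-recursive-only alongside match-clients are all constructed for illustration.

```python
import ipaddress
import struct

RD_MASK = 0x0100  # RD flag within the 16-bit header flags word (RFC 1035, 4.1.1)


def build_query(qname, rd, qid=0x1234):
    """Build a minimal DNS query (QTYPE=A, QCLASS=IN) as wire bytes."""
    header = struct.pack("!HHHHHH", qid, RD_MASK if rd else 0, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def wants_recursion(packet):
    """Return True when the query header has RD=1."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    (flags,) = struct.unpack("!H", packet[2:4])
    return bool(flags & RD_MASK)


def select_view(packet, client, rec_match_clients=None):
    """Pick "rec" or "auth" the way ordered views do: first full match wins.

    rec_match_clients=None models the first config, where the rec view
    matches on RD=1 alone. A list of networks models the later config,
    assuming (not stated in the message) that match-recursive-only stays.
    """
    addr = ipaddress.ip_address(client)
    if rec_match_clients is None:
        client_ok = True
    else:
        client_ok = any(
            addr in ipaddress.ip_network(net) for net in rec_match_clients
        )
    if wants_recursion(packet) and client_ok:
        return "rec"
    return "auth"


if __name__ == "__main__":
    trusted = ["192.0.2.0/24"]    # constructed "own clients" network
    secondary = "198.51.100.7"    # constructed secondary doing RD=1 checks
    check = build_query("dotat.at", rd=True)
    print("first config :", select_view(check, secondary))
    print("later config :", select_view(check, secondary, trusted))
```

Under the first model the secondary's RD=1 health check lands in the rec view, where the message says it is rejected by an ACL; with a client match on the rec view it falls through to the auth view.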