[lug] IS allow-recursion; WAS Logging with Bind 8
charles at lunarmedia.net
charles at lunarmedia.net
Sun Dec 30 16:37:16 MST 2001
>
> You may also want to use the 'allow-recursion' option, so that others will
> not be able to use your server as their name server. Not a big deal, but a
> good idea. Also helps in preventing a possible DOS:
>
> allow-recursion {
> net/bit;
> };
>
> Same syntax as the rest -- goes in the options section.
>
this raises my eyebrow. i don't use allow-recursion simply
because i only allow queries from a select group of hosts.
allow-query { 10.10.220/24; 127.0.0.1; };
then, for each domain the server is authoritative for, i
add in
allow-query { any; };
would the allow-recursion add any additional benefit with a
scheme such as the above already in place?
-c
More information about the LUG
mailing list