[Fedora] Re: bind lame servers

[Tim]

On Thu, 2007-05-24 at 22:24 -0500, Jason L Tibbitts III wrote:
> You should not allow recursive queries from outside of your network.

Or any queries, depending on your network.  If you don't need to provide
any outsider access to it, then don't.

> I do this by having an internal view with a "match-clients" set to my
> internal network, and then later a default view with
>   match-clients { any; };
>   recursion no;
> although I suspect this is not the simplest way to accomplish this
> because it necessitates duplicating all of the zone declarations that
> are visible in both views. 

You'd, generally, use "views" for when you provide different answers to
different clients.  The solution could be a general allow query control.

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.