BIND DNS recursion, is this supposed to do that?
Hey all... setting up 2 BIND servers to replace some older ones; on these we wish to allow recursion only to our local boxes. That is set up and seems to be working well, but here is the question (it might be a flag, a setting, or just something I am missing).
The options look as follows:
directory "/var/named";
zone-statistics yes;
notify no;
transfer-format many-answers;
max-transfer-time-in 60;
allow-recursion { ip_range/26; };
If I restart named on the box, go to a machine off (ip_range) and do a dig @newserver yahoo.com, it gives me the list of root servers, and that will happen over and over. If I query that box from a machine on that ip_range network with dig @newserver yahoo.com, I get the reply with the answers. If I jump back to the off-network machine and query it again for yahoo, I get the answers this time (as opposed to the root servers).
Is there a way to not allow others to get responses for servers it is not authoritative for?
Thanks.
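An added configuration example, not part of the original post: the behaviour described above is an off-network client being answered from data that an on-network client's recursive query put in the cache, and this sketch shows two ways to restrict that. The ACL name "trusted", the range 192.0.2.0/26 (standing in for the post's ip_range/26), the hint file name "named.ca" and the view names are assumptions, as is a BIND version of 9.4 or later for `allow-query-cache`.

```conf
// Added example, not the poster's configuration.
// "trusted" and 192.0.2.0/26 are constructed placeholders for ip_range/26.
acl "trusted" { 192.0.2.0/26; localhost; };

options {
    directory "/var/named";
    zone-statistics yes;
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 60;

    // Who may make the server resolve names it is not authoritative for.
    allow-recursion   { "trusted"; };

    // Assumes BIND 9.4 or later, where this option exists: who may be
    // answered from the cache. Setting it explicitly keeps cached answers
    // limited to the same clients that are allowed to recurse.
    allow-query-cache { "trusted"; };
};

// Alternative that does not depend on allow-query-cache: split clients
// into views. Each view keeps its own cache, so lookups made for trusted
// clients are never visible to clients matched by the external view.
// Once views are used, every zone statement must live inside a view.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    zone "." { type hint; file "named.ca"; };   // assumed hint file name
};

view "external" {
    match-clients { any; };
    recursion no;   // this view never resolves on behalf of outsiders
    // zones this server is authoritative for would be declared here
};
```

Running `named-checkconf` on the file before restarting named catches syntax errors such as a zone left outside a view.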