OK, so I'm not running *real* BIND, but Redhat's "special" version (bind-9.2.4-22.el3). On my authoritative servers, I have allow-query set to 'any' (has to be that, of course) and allow-recursion set to an acl that allows just our inside networks.
I *thought* that would allow folks to look up zones for which we were authoritative and give the e-finger to anyone off-campus asking for anything else. Apparently that's not quite the case. When I dig for, say, google.com from off-campus against my nameservers, I get one of two kinds of answers: From my master, I get A, NS, and glue for google.com. From my slaves, I get NS and glue only. I thought, that by setting allow-recursion to my own little part of the world, that any request for zones which I'm not authoritative would just get (pick your analogy) a blank stare or the e-finger? So, am I 1) confused about allow-recursion, 2) not correctly configured (see also #1) or 3) looking at a bug in RH's diddling of BIND? Peter -- Peter Laws / N5UWY National Weather Center / Network Operations Center University of Oklahoma Information Technology [EMAIL PROTECTED] ----------------------------------------------------------------------- Feedback? Contact my director, Craig Cochell, [EMAIL PROTECTED] Thank you!
