On 25.01.10 17:14, Frank Stanek wrote: > we want to set up a DNS server (bind-9.4.3-P3) for the internal LAN only. > However for security reasons we need to only allow a few trusted systems > to resolve external host names (ie names we are not authoritative for): > * Trusted systems can resolve names from our zones _and_ external names > * All other systems can only resolve names from our zones
> However when we use a pac file or automatic proxy detection, the browsers > continually try to resolve the URL, receive "refused (recursion not > available)", the browser apparently needs to resolve the IP before itdesides whether to use proxy or not. It may be a problem of the .pac file. > Is there something fundamentally flawed with this configuration, ie is there > a better way to do this? We have tried using views but essentially we only > put recursion no; in one view and recursion yes; in the other which comes > down to the same thing. I have also inquired on the Firefox mailing list > about why the browsers behave this way (try to resolve forever when they > shouldn't need to) but have not received a reply yet. check the .pac content. If you use IP's in it, they are probably going to get resolved from given hostname. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
