I have been testing and testing and either just don't see what I'm doing wrong, or have a learning block :-)
Current thinking is that an open recursion DNS server is bad, so we want to implement an allow-recursion clause; perhaps even make some views so our local users still recurse while the general public cannot ...

But I am running into a roadblock with our Google Apps CNAME: gmail.wvstateu.edu is a CNAME to ghs.google.com, and BIND wants recursion turned on in order to translate it. (Actually we have a number of 3rd party CNAMEs; Google Apps have the most widespread usage.)

I thought additional-from-auth would fix it up in a view, but either I do not understand additional-from-auth, or it does not work.

I also played around with a 2nd local server, testing with a forwarding zone as well as a stub zone ... no luck.

My most recent testing is with BIND 9.8.2 on Oracle Linux 6.3 64-bit ... installed via yum from the Oracle Linux repositories (Oracle Linux is very, very close to, if not a duplication of, the Red Hat distribution).

I am starting to read up on RPZ but don't know if that will help any ...

Thoughts, anyone?

Verne

--------------------------------------------------------------------
Verne Britton, Lead Systems Programmer    voice: (304) 293-5192 x230
Systems Support Group                     (in WV, call 1-800-253-1558)
West Virginia Network for                 FAX: (304) 293-5540
Educational Telecomputing                 ve...@wvnet.edu
837 Chestnut Ridge Road                   http://myweb.wvnet.edu/~verne
Morgantown, WV 26505                      http://www.wvnet.edu
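A sketch of the view split the message describes, as an added example that is not part of the original post or anyone's production configuration: an open-recursion baseline shown beside a two-view layout for BIND 9.8. The ACL name, the address range and the zone file name are constructed placeholders.

```conf
// Added example for BIND 9.8.x named.conf. Addresses and file names are
// constructed placeholders, not values from the original post.

// --- Open-resolver baseline (the setting being moved away from) ---
// options { recursion yes; allow-recursion { any; }; };

// --- Split by client source with views ---
acl "campus" {
    localhost;
    192.0.2.0/24;          // placeholder range (TEST-NET-1)
};

// Once any view is defined, every zone statement must live inside a view.
view "internal" {
    match-clients { "campus"; };
    recursion yes;
    allow-recursion { "campus"; };

    zone "wvstateu.edu" {
        type master;
        file "wvstateu.edu.zone";   // placeholder file name
    };
};

view "external" {
    match-clients { any; };        // evaluated after "internal"; first match wins
    recursion no;
    // Answer only from authoritative zone data; do not add records
    // from the cache or from other zones to the response.
    additional-from-auth no;
    additional-from-cache no;

    zone "wvstateu.edu" {
        type master;
        file "wvstateu.edu.zone";   // same static zone file, loaded per view
    };
};

// In the "external" view, a query for gmail.wvstateu.edu is answered with
// the CNAME record held in the zone. named does not look up ghs.google.com
// for that client; the querying resolver follows the CNAME target itself.
```

`named-checkconf` validates the syntax before a reload, and querying the server from an address outside the ACL shows whether the `ra` (recursion available) flag is still set in the response header.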