I have been testing and testing and either just don't see what I'm doing wrong, 
or have a learning block  :-)

Current thinking is that an open recursion DNS server is bad, so we want to 
implement an allow-recursion clause; perhaps even make some views so our local 
users still recurse while the general public cannot ...

but I am running into a roadblock with our Google Apps cname:

   gmail.wvstateu.edu is a cname to ghs.google.com

and bind wants recursion turned on in order to translate it.

(actually we have a number of 3rd party CNAMEs; Google Apps have the most 
widespread usage)

I thought additional-from-auth would fix it up in a view, but either I do not 
understand additional-from-auth, or it does not work.

I also played around with a 2nd local server, testing with a forwarding zone as 
well as a stub zone ... no luck

my most recent testing is with bind 9.8.2 on Oracle Linux 6.3 64bit ... 
installed via yum from the Oracle Linux repositories (Oracle Linux is very very 
close if not a duplication, of the Red Hat distribution)

I am starting to read up on RPZ but don't know if that will help any ...

thoughts anyone?


Verne
--------------------------------------------------------------------
Verne Britton, Lead Systems Programmer   voice:   (304) 293-5192 x230
Systems Support Group                    (in WV, call 1-800-253-1558)
West Virginia Network for                FAX:     (304) 293-5540
     Educational Telecomputing           ve...@wvnet.edu
837 Chestnut Ridge Road                  http://myweb.wvnet.edu/~verne
Morgantown, WV  26505                    http://www.wvnet.edu
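
An added example, not part of the original post and not the poster's configuration: a named.conf layout for the split described above, with recursion allowed for local clients and an authoritative-only view for everyone else. The ACL name "campus", the address ranges, the directory and the zone file name are assumptions standing in for site-specific values.

```conf
// Constructed example: ACL name, networks, directory and file names are placeholders.
acl "campus" {
    127.0.0.1;
    192.0.2.0/24;          // placeholder (documentation range) for local networks
};

options {
    directory "/var/named";            // assumed path
};

// Local users: full recursive service, restricted to the ACL.
view "internal" {
    match-clients { "campus"; };
    recursion yes;
    allow-recursion { "campus"; };

    zone "wvstateu.edu" IN {
        type master;
        file "wvstateu.edu.zone";      // placeholder file name
    };
};

// General public: authoritative answers only, no recursion and no
// cache-derived data, so the server is no longer an open resolver.
view "external" {
    match-clients { any; };
    recursion no;
    additional-from-auth no;           // only honoured when recursion is off
    additional-from-cache no;          // only honoured when recursion is off

    zone "wvstateu.edu" IN {
        type master;
        file "wvstateu.edu.zone";      // same static zone data served to both views
    };
};
```

In the external view a query for a name that is a CNAME to an out-of-zone target gets the CNAME record alone in the answer, and the querying resolver follows the target itself. Views are matched in order, so the "internal" view must come before the catch-all one.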
