On 3/28/23 6:30 AM, Matus UHLAR - fantomas wrote:
Great, this means that only clients with those IP addresses can
query your server for non-local information.
On 28.03.23 10:16, Grant Taylor via bind-users wrote:
I used to think the same thing.
Then I learned that I needed to also add similar configuration for
`allow-query {...};` and `allow-query-cache {...};`
allow-query-cache defaults to content of allow-recursion if only the latter
is defined.
allow-query is safe to configure if nobody is supposed to query your server
from outside - e.g. your server does not provide authoritative zones for
use from internet.
If your server has authroritative zones for internal use, yes, in such case
allow-query is good idea.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
