I'm using 9.3.4-P1 (backported for the exploit) on RHEL5 so had to do it this way. For later BIND versions you're correct based on the reading I did at the time.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Margolin Sent: Wednesday, July 30, 2008 10:55 PM To: [email protected] Subject: Re: Preventing recursion ... (preventing confusion?) In article <[EMAIL PROTECTED]>, "Jeff Lightner" <[EMAIL PROTECTED]> wrote: > On my RHEL5 box the way I insured neither cache lookups nor recursive > lookups would work for outsiders was modify named conf to have: > > 1) options section: > allow-query { internaldns; externaldns; }; > allow-recursion { internaldns; externaldns; }; Of course, if you're restricting allow-query, you don't need to specify allow-recursion. Allow-recursion is only needed when it's more restrictive than allow-query. -- Barry Margolin, [EMAIL PROTECTED] Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ----------------------------------
