[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9 allow-query

Michael Kostylev -> debian-russian@lists.debian.org  @ Sat, 20 Jul 2013 14:54:18 +0400:

 >> allow-query
 >>     Specifies which hosts are allowed to ask ordinary DNS
 >>     questions. allow-query may also be specified in the zone statement,
 >>     in which case it overrides the options allow-query statement. If not
 >>     specified, the default is to allow queries from all hosts.
 >>     Note
 >>     allow-query-cache is now used to specify access to the cache.
 >> Как же так, дорогая редакция?  Такое, гм, недокументированное поведение
 >> вообще где-то документировано, или как?


 MK>         New option "allow-query-cache".  This lets "allow-query"
 MK>         be used to specify the default zone access level rather
 MK>         than having to have every zone override the global value.
 MK>         "allow-query-cache" can be set at both the options and view
 MK>         levels.  If "allow-query-cache" is not set then "allow-recursion"
 MK>         is used if set, otherwise "allow-query" is used if set
 MK>         unless "recursion no;" is set in which case "none;" is used,
 MK>         otherwise the default (localhost; localnets;) is used.

 MK> bin/named/server.c:

 MK>          * "allow-query-cache" inherits from "allow-recursion" if set,
 MK>          * otherwise from "allow-query" if set.
 MK>          * "allow-recursion" inherits from "allow-query-cache" if set,
 MK>          * otherwise from "allow-query" if set.

Ага, спасибо.  Это отражено в документации, но найти этот момент трудно.

Reply to: