Re: bind9 allow-query
Michael Kostylev -> debian-russian@lists.debian.org @ Sat, 20 Jul 2013 14:54:18 +0400:
>> allow-query
>>
>> Specifies which hosts are allowed to ask ordinary DNS
>> questions. allow-query may also be specified in the zone statement,
>> in which case it overrides the options allow-query statement. If not
>> specified, the default is to allow queries from all hosts.
>>
>> Note
>>
>> allow-query-cache is now used to specify access to the cache.
>>
>> Как же так, дорогая редакция? Такое, гм, недокументированное поведение
>> вообще где-то документировано, или как?
MK> HISTORY:
MK> New option "allow-query-cache". This lets "allow-query"
MK> be used to specify the default zone access level rather
MK> than having to have every zone override the global value.
MK> "allow-query-cache" can be set at both the options and view
MK> levels. If "allow-query-cache" is not set then "allow-recursion"
MK> is used if set, otherwise "allow-query" is used if set
MK> unless "recursion no;" is set in which case "none;" is used,
MK> otherwise the default (localhost; localnets;) is used.
MK> bin/named/server.c:
MK> * "allow-query-cache" inherits from "allow-recursion" if set,
MK> * otherwise from "allow-query" if set.
MK> * "allow-recursion" inherits from "allow-query-cache" if set,
MK> * otherwise from "allow-query" if set.
Ага, спасибо. Это отражено в документации, но найти этот момент трудно.
Reply to: