From owner-freebsd-security  Mon Apr 22 13:54:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from java2.dpcsys.com (java2.dpcsys.com [206.16.184.5])
	by hub.freebsd.org (Postfix) with ESMTP id 05A9137B78D
	for <freebsd-security@FreeBSD.ORG>; Mon, 22 Apr 2002 13:52:15 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by java2.dpcsys.com (8.11.1/8.11.1) with ESMTP id g3MKolD61068;
	Mon, 22 Apr 2002 13:50:47 -0700 (PDT)
Date: Mon, 22 Apr 2002 13:50:47 -0700 (PDT)
From: Dan Busarow <dan@dpcsys.com>
To: Jim Flowers <jflowers@ezo.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: DNS Question
In-Reply-To: <20020422123827.M47851@ezo.net>
Message-ID: <Pine.BSF.4.21.0204221349230.41541-100000@java2.dpcsys.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Apr 22, Jim Flowers wrote:
> That is true, of course but you can't turn recursion off when you are using a 
> single server for both resolver service (for trusted hosts) and general 
> lookup service for the world-at-large for your authoritative zones.

Sure you can.

allow-recursion {
   192.168.1.0/21;
};

limits recursive queries to the specified network.  Outside queries
will be limited to those you are auth for.

Dan
-- 
 Dan Busarow                                                  949 443 4172
 Dana Point Communications, Inc.                            dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message