[dns-operations] Why allow-query-cache (for BIND) is important

Tony Finch dot at dotat.at
Mon Jan 21 16:18:31 UTC 2013


On 21 Jan 2013, at 13:53, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> allow-recursion is not enough:
> 
> http://304geeks.blogspot.co.uk/2013/01/dns-scraping-for-corporate-av-detection.html

It is enough, since they both have the same settings unless you explicitly set both ACLs to different values.
https://kb.isc.org/article/AA-00503/0/Whats-the-difference-between-allow-query-cache-and-allow-recursion.html

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130121/ce640d84/attachment.html>


More information about the dns-operations mailing list