[dns-operations] sophosxl.net problem?
Tony Finch
dot at dotat.at
Tue Nov 12 12:29:45 UTC 2019
James Stevens <js at jrcs.net> wrote:
>
> Would it be reasonable for an authoritative-only DNS Server to reject / ignore
> / throttle requests with RD=1 ?
I think for quite a long time my toy DNS server (which runs with an
appalling hodge-podge of patches) was running with a config something
like...

    view rec {
        match-recursive-only yes;
        # stuff
    };
    view auth {
        recursion no;
        allow-recursion { none; };
        zone dotat.at { /* ... */ };
        # etc.
    };

The effect was that recursive queries went to the rec view then got
rejected by an ACL; RD=0 queries went to the auth view which served my
zone to all comers. The only problem I noticed was RD=1 health checks from
one of my secondaries. My config now has a match-clients clause in the rec
view which works better all round.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
promote human rights and open government
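
Added example (not part of the original message and not Tony's configuration): a simplified Python model of the first-match view selection described above, showing why an RD=1 health check from a secondary is refused under the original views and answered once the rec view has a match-clients clause. The addresses, the TRUSTED ACL, and the assumption that the rec view's ACL and its match-clients list name the same trusted clients are constructed for illustration.

```python
import ipaddress
import struct

# Constructed values (documentation address ranges), not taken from the post.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: clients allowed to recurse
SECONDARY = "198.51.100.53"                       # assumed: secondary sending RD=1 checks

def build_query(qname, rd, qid=0x1234):
    """Build a minimal DNS query (QTYPE=SOA, QCLASS=IN) with RD set or clear."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 6, 1)

def rd_bit(packet):
    """RD is bit 0x0100 of the 16-bit flags word at header offset 2."""
    (flags,) = struct.unpack("!H", packet[2:4])
    return bool(flags & 0x0100)

def in_acl(src, acl):
    return any(ipaddress.ip_address(src) in net for net in acl)

def select_view(packet, src, views):
    """Views are tried in order; the first one whose conditions all match wins."""
    for name, match_clients, recursive_only in views:
        if match_clients is not None and not in_acl(src, match_clients):
            continue  # match-clients does not cover this source
        if recursive_only and not rd_bit(packet):
            continue  # match-recursive-only yes: RD=0 queries skip this view
        return name
    return None

def outcome(packet, src, views):
    """Model of what a query for a name in the served zone gets back."""
    if select_view(packet, src, views) == "rec":
        # The rec view does not serve the zone; its ACL decides.
        return "recursion" if in_acl(src, TRUSTED) else "REFUSED"
    return "authoritative answer"  # auth view: recursion no, zone served to all

# (view name, match-clients or None for "any", match-recursive-only)
OLD_VIEWS = [("rec", None, True), ("auth", None, False)]
NEW_VIEWS = [("rec", TRUSTED, True), ("auth", None, False)]

if __name__ == "__main__":
    check = build_query("dotat.at", rd=True)
    print("old:", outcome(check, SECONDARY, OLD_VIEWS))
    print("new:", outcome(check, SECONDARY, NEW_VIEWS))
```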