Re: 3rd party CNAMEs and open recursion

2013-03-05 Thread Chris Buxton
On Mar 4, 2013, at 10:43 AM, Verne Britton wrote: > > I have been testing and testing and either just don't see what I'm doing > wrong, or have a learning block :-) > > current thinking is that a open recursion DNS server is bad, so we want to > implement an allow-recursion clause; perhaps eve

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread btb
On Mar 4, 2013, at 15.26, Verne Britton wrote: > > On 3/4/2013 2:45 PM, Barry Margolin wrote: >> In article , >> Verne Britton wrote: >> >>> I have been testing and testing and either just don't see what I'm doing >>> wrong, or have a learning block :-) >>> >>> current thinking is that a o

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread Vernon Schryver
> > On 3/4/2013 3:26 PM, Verne Britton wrote: > > 1. serve the A records as authoritative > > 2. somehow handle resolutions coming at me for the CNAMEs > > 3. not have a public open recursive server > From: Kevin Darcy > You can achieve all of that as long as you provide recursive service > on

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread Kevin Darcy
On 3/4/2013 3:26 PM, Verne Britton wrote: On 3/4/2013 2:45 PM, Barry Margolin wrote: In article , Verne Britton wrote: I have been testing and testing and either just don't see what I'm doing wrong, or have a learning block :-) current thinking is that a open recursion DNS server is bad

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread John Miller
On 03/04/2013 03:26 PM, Verne Britton wrote: my test server (its up and down a lot) is at yournameserver with these two test zones ... what I want to be able to do is: 1. serve the A records as authoritative Looks like it's working in that regard: jm@workstation:~$ dig +norecurse @yournamese

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread Verne Britton
On 3/4/2013 2:45 PM, Barry Margolin wrote: > In article , > Verne Britton wrote: > >> I have been testing and testing and either just don't see what I'm doing >> wrong, or have a learning block :-) >> >> current thinking is that a open recursion DNS server is bad, so we want to >> implement a

Re: 3rd party CNAMEs and open recursion

2013-03-04 Thread Barry Margolin
In article , Verne Britton wrote: > I have been testing and testing and either just don't see what I'm doing > wrong, or have a learning block :-) > > current thinking is that a open recursion DNS server is bad, so we want to > implement an allow-recursion clause; perhaps even make some view

3rd party CNAMEs and open recursion

2013-03-04 Thread Verne Britton
I have been testing and testing and either just don't see what I'm doing wrong, or have a learning block :-) current thinking is that a open recursion DNS server is bad, so we want to implement an allow-recursion clause; perhaps even make some views so our local users still recurse while the