
Allowing recursion for a single zone in external view



Hi,



I'm having some trouble with named. I set up the external and internal view of a domain to use forwarding. It was working for the internal view, but not the external one. Querying the server with nslookup returns "Query denied".



I think it has something to do with recursion. This isn't allowed on the external view, but is allowed for the internal view.



Is it possible to set it up to allow it so that recursion is allowed on a per-zone basis?




    
Guest


"Is it possible to set it up to allow it so that recursion is allowed on a per-zone basis?" - Yes, you probably have a typo in your named.conf, assuming you're talking about BIND 9. Post your config (the relevant part) so we can help.



Also, generally you don't want to allow recursion on the outside (publicly accessible), as it makes your network vulnerable to DDoS attacks and the like (as in, your server could be used as a relay).

Guest


Sounds to me like you're doing a DNS-based website restriction policy. Basically you don't want the DNS clients to access any website except for the ones you list as recursive-allowed. It is easy to work around such DNS filters by configuring the DNS local to the client. I recommend that you configure the outgoing firewall filters at the gateway to the internet to prevent access rather than use DNS to do so.

Guest
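
Added example, not part of the thread and not any poster's configuration: in BIND 9, `recursion` and `allow-recursion` are set in `options` or per `view` rather than per zone, and a `type forward` zone is only followed for clients that are allowed to recurse. The named.conf below keeps the external view non-recursive and confines forwarding to a view limited by ACL; the ACL name, addresses, zone names and file path are placeholders.

```conf
// Constructed example: "trusted", all addresses, zone names and the
// zone file path are placeholders, not values from the thread.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;            // stands in for the internal client range
};

view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    allow-recursion { "trusted"; };   // only these clients may recurse

    // Forwarding is carried out as part of recursion, so this zone
    // resolves only in a view where the client is allowed to recurse.
    zone "corp.example" {
        type forward;
        forward only;
        forwarders { 198.51.100.53; };
    };
};

view "external" {
    match-clients { any; };

    // Weak setting (anyone on the internet can use the server as a resolver):
    //   recursion yes;
    //   allow-recursion { any; };

    // Corrected setting: answer only for zones this view is authoritative for.
    recursion no;

    // A "type forward" zone placed here would be refused for external
    // clients, because recursion is off in this view.
    zone "example.com" {
        type master;
        file "external/example.com.zone";
    };
};
```

`named-checkconf` validates the syntax before a reload. If a specific set of outside clients needs the forwarded zone, give them their own view with a narrow `match-clients` list instead of enabling recursion in the view that matches `any`.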
 
 