Allow MIT-only recursion and add logging

I'm not sure what the motivation for either of these were (changes made Feb
24).

diff --git a/named.conf.local b/named.conf.local
index 3a1101b0ff626afb43ffb5f135db4c077072a6a5..d6bd61a281ad034bf2df5263e3e77fdaa07c69ce 100644 (file)
--- a/named.conf.local
+++ b/named.conf.local
@@ -28,3 +28,13 @@ zone "dehnerts.com" IN {
        allow-query { any; };
        notify no;
 };
        allow-query { any; };
        notify no;
 };

+
+logging {
+    channel query.log {
+        file "/var/log/query.log";
+        // Set the severity to dynamic to see all the debug messages.
+        severity debug 3;
+    };
+
+    category queries { query.log; };
+};

diff --git a/named.conf.options b/named.conf.options
index 1a11b5fb52900f3d4b2e8ce1edfbd0034bb21638..42d679d15260eb84b37bf19c79eaedf810d76cb1 100644 (file)
--- a/named.conf.options
+++ b/named.conf.options
@@ -26,7 +26,7 @@ options {
        // ALEX DEHNERT: copied from old arctic version on 2008-12-19
        //ALEX DEHNERT: Security-related stuff:
        // Secure(ish):
        // ALEX DEHNERT: copied from old arctic version on 2008-12-19
        //ALEX DEHNERT: Security-related stuff:
        // Secure(ish):

-       allow-recursion { 18.208.0.204; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+       allow-recursion { 18.208.0.204; 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; 18.0.0.0/8; };

        //allow-query   { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
        allow-transfer { none; };
 
        //allow-query   { 66.92.29.156; 66.92.29.144; 127.0.0.1; };
        allow-transfer { none; };