[BlueOnyx:11628] Re: BIND config

[Michael Stauber]

Hi Barry,

>         And I can confirm that this option 
>         does have an effect. Unchecking it
>         may stop recursion, but it also
>         stops all outgoing email ... saying
>         "host unknown"

Yes, please see "[BlueOnyx:11627] Re: BIND config". Your server needs to
use at least one DNS server that answers to all DNS related queries. If
your BlueOnyx uses your own DNS server and you disable recursion, then
your DNS server will only answer DNS related queries for domains or IP's
that your DNS server has records for. So if you try to send an email to
xxxxxxx at gmail.com and your server has no records for gmail.com, then
it'll say that it has no records for that domain. And the email delivery
will fail.

>         I've looked at the other settings, 
>         There are three boxes right now... 
>         Forwarding servers:  No entry
>         Zone Transfer Access by IP Address:
>                 208.xx.xx.xx
>                 208.xx.xx.xx0
>                 65.xxx.xx.xx
>                 209.xxx.xx.xx
>         and
>         Query Request Recursion Access by IP Address:
>                 127.0.0.1/30
>                 208.xx.xxx.x/24

Zone transfer access and recursion access are two entirely different
pair of shoes.

"Zone Transfer Access" defines which DNS servers can pull the entire
zone files from your DNS servers. This is useful if you have one master
DNS server and one or more slaves. On the master you say: IP of the
slave may do zone transfers. And the slave can then just "clone" the DNS
records by doing zone transfers.

"Query Request Recursion Access" defines which IP addresses or network
address ranges can ask your DNS server for IP's and domains that you do
not have records for. So into that field you'd add all the IP's and
address ranges of servers that use your DNS server to resolve DNS
related queries.

-- 
With best regards

Michael Stauber