<html>
<head>
<style>
 .sw_message P{margin:0px;padding:0px;}
 .sw_message {FONT-SIZE: 12pt;FONT-FAMILY:Tahoma,Arial,Helvetica,sans-serif;background:white;}
 .sw_message blockquote{margin-left:5px;padding-left:5px;border-left:2px solid #144fae;color: #144fae;}
 .sw_message blockquote blockquote{border-left:2px solid #006312;color: #006312;}
 .sw_message blockquote blockquote blockquote{border-left:2px solid #8e5656;color: #8e5656;}
 .sw_message blockquote blockquote blockquote blockquote{border-left:2px solid #888;color: #888;}
</style>
</head>
<body class="sw_message">
<div> For linux bind named.conf:<br><br>Within "options {" put:<br><br>allow-query { any; };<br>allow-recursion { trusted; };<br>allow-query-cache { trusted; };<br><br><br>Then, add this new section somewhere after the options closing bracket:<br><br>acl "trusted" {<br>localhost;<br>localnets;<br>//netblocks/IPs you want, examples below:<br>123.23.23.23/24;<br>12.123.123.123;<br>};<br><br></div><div> </div><div id="editor_signature"></div><div>On Tuesday 10/09/2013 at 4:23 am, Eugen Leitl  wrote: </div><blockquote type="cite">On Tue, Sep 10, 2013 at 12:45:03AM -0700, Bry8 Star wrote:<br><blockquote type="cite"> If you run your own BIND/named as Authoritative DNS-Server, for some<br> domain-name that you own, and if it is also configured to function<br> as a Recursive DNS-Server for local software (in that computer), and<br> if you have enabled DNSSEC (for recursive side), then that would be<br> better, imho.<br></blockquote><br>Speaking about recursive DNS for BIND, does anyone have<br>a working set of options which limit recursive DNS queries<br>to just the local subnet, and another couple IPs, maybe?<br> <br><br>_______________________________________________<br>tor-relays mailing list<br>tor-relays@lists.torproject.org<br><a target="_blank" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br><br></blockquote><br> 
</body></html>