named selectively denies recursion

Kevin Darcy kcd at chrysler.com
Tue Mar 11 04:22:10 UTC 2008


Hoary Hairy Hoax wrote:
> I have a Linux name service daemon with a simple and open configuration.
> Its options include "recursion: yes;"; this is the default, but I wanted
> to make sure. In the main configuration file and the zone files, this is
> the only option governing acceptance of queries in general or recursive
> queries in particular.
>
> The server consistently accepts recursive queries from some hosts, and
> denies recursion to others. According to tcpdump on the server host, the
> server denies recursion autonomously without consulting any other servers.
>
> Apparently, if the client host's address lies outside the IP range for
> the server host's network interface, the server declares recursion
> unavailable and responds by refusing the query. These hosts are all on
> the same virtual LAN. No IP addresses are being translated. I don't
> think it would matter if they were.
>
> Can anybody suggest why the BIND daemon denies recursion selectively?

Just to be clear: when you say "denies recursion", do you mean a referral
response with the RA bit in the header set to 0, or do you actually mean
a REFUSED response?

Also, what version of BIND is this? The introduction of 
allow-query-cache in 9.4 changed some of the defaults that might be 
relevant here.

- Kevin
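
The two outcomes asked about in the reply above can be told apart from the 12-byte DNS header of the response, as captured with tcpdump or a similar tool. The following is an added example, not part of the original thread: the function names are hypothetical and the sample headers are constructed, with the record sections omitted.

```python
import struct

RCODE_REFUSED = 5  # RFC 1035 response code 5

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,
        "ancount": an,
        "nscount": ns,
    }

def classify(msg: bytes) -> str:
    """Label a response as one of the cases distinguished in the reply."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if h["rcode"] == RCODE_REFUSED:
        return "refused"
    # NOERROR, no answers, only authority records, RA clear: the server
    # handed back a referral instead of recursing for this client.
    if (h["rcode"] == 0 and not h["ra"] and not h["aa"]
            and h["ancount"] == 0 and h["nscount"] > 0):
        return "referral-no-recursion"
    if h["rcode"] == 0 and h["ra"] and h["ancount"] > 0:
        return "recursive-answer"
    return "other"

def make_header(flags: int, an: int = 0, ns: int = 0) -> bytes:
    """Build a constructed header: id 0x1234, one question, no additional."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0)

# Constructed samples (headers only), one per case.
SAMPLE_REFUSED = make_header(0x8105)          # QR, RD, RCODE=5
SAMPLE_REFERRAL = make_header(0x8100, ns=13)  # QR, RD, RA=0, 13 NS records
SAMPLE_ANSWER = make_header(0x8180, an=1)     # QR, RD, RA=1, one answer

if __name__ == "__main__":
    for name, msg in [("refused", SAMPLE_REFUSED),
                      ("referral", SAMPLE_REFERRAL),
                      ("answer", SAMPLE_ANSWER)]:
        print(name, "->", classify(msg))
```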


More information about the bind-users mailing list