"recursion available: denied" message even for non-recursive queries?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Thu Apr 4 00:42:33 UTC 2002
>
> gschmid at notes.cc.sunysb.edu wrote:
>
> > I'm running 9.2.0 on a Tru64/DEC UNIX box.
> >
> > In my named.conf file I have an
> > allow-recursion { acl_list; };
> > statement.
> >
> > Everything seems to be working as expected.
> > Hosts on the acl list get answers to all queries.
> > Hosts not on the acl list do not get answers to
> > recursive queries.
> >
> > The question that I have is with the logging of the
> > security category messages when my name server
> > is queried from hosts not on the acl list.
> >
> > I get the following log message:
> >
> > recursion available: denied
> >
> > when hosts who are not on the acl list make
> > recursive *and* non-recursive queries. I would
> > have expected that message only when hosts
> > not on the acl list make recursive queries.
> > Why do I also get the message when hosts not
> > on the acl list make non-recursive queries
> > (and get answers to those non-rec. queries)?
>
> I'd consider it a logging bug. Even if the message is intended to be
> purely informational, it shouldn't use the term "denied" in this
situation, nor should it log to the "security" category.
>
>
> - Kevin
Well if you turn on debugging you get lots of additional
things logged.
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list