More than Caching DNS server
Ladislav Vobr
lvobr at ies.etisalat.ae
Sun Sep 21 02:29:45 UTC 2003
Rudi Starcevic wrote:
> Here is my 'dig' command and output:
>
> rudi at central:~$ dig @64.235.238.29 rudistarcevic.net. any
It works for me:
$ dig @64.235.238.29 rudistarcevic.net. any
; <<>> DiG 9.2.2 <<>> @64.235.238.29 rudistarcevic.net. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48562
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;rudistarcevic.net. IN ANY
;; ANSWER SECTION:
rudistarcevic.net. 37354 IN NS water.oasis.net.au.
rudistarcevic.net. 37354 IN NS moon.oasis.net.au.
;; AUTHORITY SECTION:
rudistarcevic.net. 37354 IN NS moon.oasis.net.au.
rudistarcevic.net. 37354 IN NS water.oasis.net.au.
;; ADDITIONAL SECTION:
moon.oasis.net.au. 37354 IN A 210.8.139.4
water.oasis.net.au. 37354 IN A 210.8.139.2
;; Query time: 281 msec
;; SERVER: 64.235.238.29#53(64.235.238.29)
;; WHEN: Sun Sep 21 06:26:18 2003
;; MSG SIZE rcvd: 146
>
> allow-recursion { any; };
You don't want to do this. Recursion should be available only for well-known
clients; it can be easily misused, since DNS is mostly a UDP service,
and this can cause a lot of headaches for your service.
Always restrict recursion to your users only.
Ladislav
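
An added example, not part of the original message: a small check that reads dig's text output and reports whether the server performed recursion for the querying host, which is what the reply quoted above shows (ra set, aa absent, answers returned). The function names and the second sample are constructed for illustration.

```python
import re

# Constructed sample: header lines of the dig reply quoted in the message above.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48562
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
"""

# Constructed sample: a reply from a server that refuses recursion to outsiders.
SAMPLE_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1234
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);.*?ANSWER:\s*(\d+)")


def parse_dig_header(text):
    """Return (status, flags, answer_count) from dig's text output."""
    status = STATUS_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found in input")
    return status.group(1), set(flags.group(1).split()), int(flags.group(2))


def recursion_exposed(text):
    """True if the reply shows recursion served to the querying host.

    ra = the server offers recursion to this client
    aa = the answer comes from the server's own authoritative data
    A NOERROR answer with ra set and aa clear came from recursion or cache.
    Only meaningful for a name the server is NOT authoritative for.
    """
    status, flags, answers = parse_dig_header(text)
    return (status == "NOERROR" and "ra" in flags
            and "aa" not in flags and answers > 0)


if __name__ == "__main__":
    for name, sample in (("quoted reply", SAMPLE_DIG),
                         ("refused", SAMPLE_REFUSED)):
        print(name, "-> recursion exposed:", recursion_exposed(sample))
```

Run the dig query from a host outside your client networks; a True result there means `allow-recursion` is wider than your own users.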