controlling recursion
Mark Andrews
Mark_Andrews at isc.org
Fri Nov 18 00:15:31 UTC 2005
> I have three name severs;
>
> 203.98.224.66
> BIND 9.2.1 [MASTER]
> Linux Mandrake 8.0
>
> 203.98.225.9
> BIND 9.3.1 [Slave]
> NT 4.0 SP6a
>
> 203.98.225.10
> BIND 9.3.0 [Slave]
> Linux Mandrake 10.0
>
> with;
>
> allow-recursion {
> 203.98.224.0/23;
> localhost;
> };
>
> inside their respective 'named.conf'. They are standard configurations
> with no views etc..
>
> My problem is the master is allowing recursion from outside our networks
> stipulated but the slaves are not.
Really? "ra" is not set in flags. If it allowed recursion
ra would be set. If you want to disable access to the cache
use allow-query not allow-recursion.
Mark
% dig ns . @203.98.224.66
; <<>> DiG 8.3 <<>> ns . @203.98.224.66
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16885
;; flags: qr rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; ., type = NS, class = IN
;; ANSWER SECTION:
. 2d21h50m19s IN NS B.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS C.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS D.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS E.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS F.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS G.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS H.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS I.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS J.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS K.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS L.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS M.ROOT-SERVERS.NET.
. 2d21h50m19s IN NS A.ROOT-SERVERS.NET.
;; Total query time: 2447 msec
;; FROM: drugs.dv.isc.org to SERVER: 203.98.224.66
;; WHEN: Fri Nov 18 11:13:02 2005
;; MSG SIZE sent: 17 rcvd: 228
%
> I am currently not in a position to upgrade the Master's BIND version to
> the latest.
>
> I'd appreciate any pointers as to what I am doing incorrectly - to stop
> unwanted recursion - and will supply the full details / configurations
> off list if needed.
>
> Thanks,
>
> Jon
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list