bind9 config - security

Gregg McClintic greggm at liquidweb.com
Wed Jan 25 02:48:24 UTC 2006


Kevin Darcy wrote:

>DC wrote:
>
>>Having trouble with a config issue.
>>
>>Running bind 9.2.3
>>
>>This is the authoritative nameserver for my domain.
>>
>>Problem: I can resolve names for any domain from any network.
>>
>>I should only be able to resolve for the domain that I am authoritative for.
>>
>>I tried recursion no;
>>
>>but then I can't resolve the domain I am authoritative for either..
>>
>That makes no sense. If you're sending a query packet directly to an 
>authoritative nameserver for a zone, then recursion no/yes shouldn't 
>make any difference to the result, since no recursion is necessary to 
>resolve the name. Something else has got to be going on. Either the 
>packet isn't going where you think it's going, the nameserver is _not_ 
>actually authoritative after all, or maybe it *is* authoritative, just 
>not in the "view" your query happens to be selecting (if you use "view"s 
>at all, that is).
>
>Post your config. If this is a publicly accessible domain, post the 
>real domain name so we can take a look at it. Sometimes a few 
>well-placed queries over the Internet can save hours or days of email 
>back-and-forth on this list...
>
>- Kevin
>
This is my first response / direct answer to a thread... Kevin is very 
good with all this and answers a lot of questions. So hopefully I'm 
correct with my probing questions. (Be easy on me... please... I could 
have some concepts down wrong.)

Kevin is correct. If you get your domain out here that is having the 
problem, we can check what's going on.

You would not happen to be using the same name servers that you are 
sending authoritative responses for resolving on your server/workstation?
Turning recursion off for a name server that acts as the resolving DNS 
will cause issues, of course.

You did not say if you were connecting locally trying to resolve the 
domain or remotely.

- Gregg
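
The distinction discussed in this thread (an authoritative answer needs no recursion, while resolving other people's names does) is visible in the header flags of each DNS response. The following is an added example, not part of the original messages: the function names are hypothetical and the sample response headers are constructed, not captured from any real server.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, rd=False, qtype=1, txid=0x1234):
    """Encode a query for `name`; rd=False asks the server not to recurse."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def parse_header(packet):
    """Extract the fields needed to tell authoritative from recursive service."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", packet[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": ancount, "nscount": nscount}

def classify(packet):
    h = parse_header(packet)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == 5:
        return "refused"
    if h["rcode"] != 0:
        return "error rcode %d" % h["rcode"]
    if h["ancount"] and h["aa"]:
        return "authoritative answer"          # served from the server's own zone data
    if h["ancount"]:
        return "non-authoritative answer" + (" (recursion offered)" if h["ra"] else "")
    return "referral" if h["nscount"] else "empty"

def _hdr(flags, an=0, ns=0):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, an, ns, 0)

# Constructed sample headers: response shapes a server might return
SAMPLES = {
    "own zone, recursion off": _hdr(QR | AA, an=1),
    "foreign name, recursion on": _hdr(QR | RD | RA, an=1),
    "foreign name, recursion off (referral)": _hdr(QR, ns=13),
    "foreign name, refused": _hdr(QR | 5),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {classify(pkt)}")
```
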



More information about the bind-users mailing list