Public DNS - recursion no - Access to the Internet

Barry Margolin barmar at alum.mit.edu
Sun Feb 18 03:07:20 UTC 2007


In article <er72t1$1dht$1 at sf1.isc.org>,
 Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:

> Hello,
> 
> Jarek Buczynski wrote:
> > 
> >>You don't need "nameserver 0.0.0.0" in your resolv.conf as that will just
> >>confuse things because it's not a valid IP address.  Leave it as
> >>"nameserver 127.0.0.1"
> > 
> > I use 0.0.0.0 because I read about it in "DNS and BIND, 5th Edition 
> > By Paul Albitz, Cricket Liu "
> > 
> > Quote:
> > "You can also configure the resolver to query the host's local nameserver
> > using either the local host's IP address or the zero address. The zero
> > address, 0.0.0.0, is interpreted by most TCP/IP implementations to mean
> > "this host."
> 
> This is a wrong use of "this host". According to RFC 1700 and RFC 3330, 
> addresses in 0.0.0.0/8, including 0.0.0.0, may only be used as source 
> addresses, not destination addresses.

That only refers to using it on the network; it has nothing to do with 
configuration files.

The reason it didn't work for him was that he only put 127.0.0.1 in his 
allow-recursion ACL.  But when you use 0.0.0.0 in your named.conf, it 
doesn't send from/to 127.0.0.1; it sends to one of the machine's real 
NIC addresses, and in this case the source address is also that NIC 
address.  Since this doesn't match the ACL, recursion is denied.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
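
The ACL mismatch described in the message above, as an added example that is not part of the original post or of BIND: a simplified Python model of first-match address-match-list evaluation, checked against the two source addresses the post discusses. The NIC address 192.0.2.10 is a constructed value, the function names are hypothetical, and `localhost` is modelled as BIND's built-in ACL that matches all of the host's own addresses.

```python
import ipaddress

# Constructed sample host: loopback plus one NIC address (documentation range).
HOST_ADDRS = ["127.0.0.1", "192.0.2.10"]


def acl_allows(acl, source, host_addrs=HOST_ADDRS):
    """Model of a BIND-style address match list: first matching element wins.

    Supports IP addresses, CIDR prefixes, '!' negation and the built-in
    names 'any', 'none' and 'localhost' (all of this host's addresses).
    Simplified model for illustration, not BIND's own code.
    """
    src = ipaddress.ip_address(source)
    for element in acl:
        negated = element.startswith("!")
        name = element.lstrip("!").strip()
        if name == "any":
            matched = True
        elif name == "none":
            matched = False
        elif name == "localhost":
            matched = any(src == ipaddress.ip_address(a) for a in host_addrs)
        else:
            matched = src in ipaddress.ip_network(name, strict=False)
        if matched:
            return not negated
    return False  # no element matched: the request is refused


def recursion_results(acl):
    """Evaluate an allow-recursion list for both resolv.conf settings."""
    return {
        # "nameserver 127.0.0.1": the query arrives from loopback.
        "nameserver 127.0.0.1": acl_allows(acl, "127.0.0.1"),
        # "nameserver 0.0.0.0": per the post, the query arrives from a real
        # NIC address (192.0.2.10 is a constructed value).
        "nameserver 0.0.0.0": acl_allows(acl, "192.0.2.10"),
    }


if __name__ == "__main__":
    for acl in (["127.0.0.1"], ["localhost"], ["127.0.0.1", "192.0.2.10"]):
        print(acl, recursion_results(acl))
```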
