named selectively denies recursion
Kirk
kirkb at kirkb.net
Tue Mar 11 13:43:23 UTC 2008
Hoary Hairy Hoax wrote:
> I have a Linux name service daemon with a simple and open configuration.
> Its options include "recursion: yes;"; this is the default, but I wanted
> to make sure. In the main configuration file and the zone files, this is
> the only option governing acceptance of queries in general or recursive
> queries in particular.
>
> The server consistently accepts recursive queries from some hosts, and
> denies recursion to others. According to tcpdump on the server host, the
> server denies recursion autonomously without consulting any other servers.
>
> Apparently, if the client host's address lies outside the IP range for
> the server host's network interface, the server declares recursion
> unavailable and responds by refusing the query. These hosts are all on
> the same virtual LAN. No IP addresses are being translated. I don't
> think it would matter if they were.
>
Assuming you are running 9.4.x, take a look at the BIND 9.4 ARM
regarding these "options" settings.
allow-query - *default allow queries from all hosts*
allow-query-cache - *default (localnets; localhost;)*
allow-recursion - *default (localnets; localhost;)*
Hope that helps,
Kirk
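The behaviour discussed in this thread, as an added example that is not part of the original messages and is not BIND code: a small Python model of how an address match list such as the 9.4 allow-recursion default is evaluated for a client address. The interface and client addresses and the explicit ACL are constructed, and the function names are hypothetical.

```python
import ipaddress

# allow-recursion default quoted in the reply for BIND 9.4
BIND94_DEFAULT = ["localnets", "localhost"]

def match_acl(client, acl, interfaces):
    """Model of an address match list: first matching element decides,
    a leading '!' negates it, and no match at all means deny."""
    addr = ipaddress.ip_address(client)
    for element in acl:
        negate = element.startswith("!")
        name = element[1:] if negate else element
        if name == "any":
            hit = True
        elif name == "localhost":      # the server's own addresses
            hit = any(addr == i.ip for i in interfaces)
        elif name == "localnets":      # networks the server has an interface on
            hit = any(addr in i.network for i in interfaces)
        else:                          # literal address or CIDR prefix
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def recursion_allowed(client, interfaces, allow_recursion=None):
    """True if the modelled server would recurse for this client."""
    acl = BIND94_DEFAULT if allow_recursion is None else allow_recursion
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    return match_acl(client, acl, ifaces)

# Constructed sample: one interface with a /26 mask on a shared VLAN.
SERVER_IFACES = ["192.0.2.10/26"]
CLIENTS = ["192.0.2.20", "192.0.2.130"]   # inside / outside the /26
EXPLICIT = ["localnets", "localhost", "192.0.2.128/26"]  # hypothetical ACL

if __name__ == "__main__":
    for c in CLIENTS:
        print(c, "default:", recursion_allowed(c, SERVER_IFACES),
              "explicit:", recursion_allowed(c, SERVER_IFACES, EXPLICIT))
```

In the model, the second client shares the VLAN but falls outside the interface's prefix, so only an explicit entry for its range lets it recurse, while addresses outside every listed range stay denied.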