AW: what is the localnet with netmask 255.255.255.255?
Rolf Haynberg
rolf.haynberg at 1und1.de
Thu Jun 20 13:07:23 UTC 2013
Sorry, I forgot to mention that the Servers were running "Windows Server 2008". Linux does not seem to be affected.
Von: bind-users-bounces+rolf.haynberg=1und1.de at lists.isc.org [mailto:bind-users-bounces+rolf.haynberg=1und1.de at lists.isc.org] Im Auftrag von Rolf Haynberg
Gesendet: Donnerstag, 20. Juni 2013 14:57
An: bind-users at lists.isc.org
Betreff: what is the localnet with netmask 255.255.255.255?
Hi Bind-Users and Devs,
We are running servers which have an IP netmask of 255.255.255.255 and on which we had configured BIND to "allow-recursion { localnets; };". In this setting I would expect that only requests from the localhost allow recursion as there is no localnet. However, BIND allows recursion globally, here - and we were running open resolvers.
Could this be a bug or is this the wanted behavior?
To the background of my question: Every Parallels Plesk installation brings a BIND with default config set to "allow-recursion { localnets; };". I would humbly assume that the above described behavior could be the reason for at least some open resolvers in the wild.
I'm happy to read your comments,
Rolf
In article <Pine.NEB.3.96.1000408121723.56992A-100000 at shell-1.enteract.com>,
Lance Spitzner <lspitz at enteract.com> wrote:
>I am attempting to limit recursive requests
>to my internal network only. However,
>
> allow-recursion { localnets; };
>
> Doesn't seem to be doing the trick. What
> is the proper way of limiting recursive lookups
> to a specific system/network?
That's the way to do it. What seems to be going wrong?
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130620/c7c83402/attachment.html>
More information about the bind-users
mailing list