Access denied Bind9
Gregory Sloop
gregs at sloop.net
Tue Mar 8 02:42:21 UTC 2022
You might search the list archives, as I think this came up recently...
But I think the general consensus is that you shouldn't have a server that is both authoritative AND that allows recursive queries. (Security reasons)
And if you do allow both, to limit recursive queries to internal (semi-trusted/controlled) hosts only.
The options you'll be wanting to look at are:
allow-query
allow-recursion
allow-query-cache
See the docs.
something like;
allow-recursion { local-nets; };
Where local-nets are the local subnets you want to allow recursion for - meaning you trust those hosts on those subnets more than the open internet.
> Just to be clear, the servers are authoritative
> On Tue, Mar 8, 2022 at 5:27 AM Ritah Mulinde <rytaluv at gmail.com> wrote:
>> Thank you Mark
>> Iam abit new to this. How do i fix that??
>> On Tue, Mar 8, 2022 at 5:19 AM Mark Andrews <marka at isc.org> wrote:
>>> Presumably you are making recursive queries and you are denying them.
>>>> On 8 Mar 2022, at 12:44, Ritah Mulinde <rytaluv at gmail.com> wrote:
>>>>
>>>> Hi Guys
>>>> Just got my primary and secondary name servers running.
>>>>
>>>> However, when i reload rdnc and tail the syslogs all i get is "(xxxx.xx.com): query (cache) 'cccc.xx.com/A/IN' denied"
>>>>
>>>> Not sure why.
>>>>
>>>> kindly asking for some pointers on where to start looking
>>>>
>>>>
>>>> Thank you
>>>> --
>>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>>
>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>
>>>>
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220307/1ededc62/attachment-0001.htm>
More information about the bind-users
mailing list