Old 06-04-2009, 12:44 PM   #1
Bind allow-recursion seems to be ignored


Our 2 DNS servers are not allowing me to do recursive queries locally on the server. They used to, and today they don't anymore. As far as I know, nobody has changed the config.

options {
allow-recursion {
recursion no;

This is part of our config (that relates to recursion).

When I do a dig locally, it just lists the root servers with status: NOERROR and ANSWER: 0

If I change recursion yes; then it works.

Any ideas why this isn't working?

Old 06-04-2009, 01:11 PM   #2
Why are you setting both allow-recursion and recursion no?

Also localhost is a name for which means it would only allow queries from that interface (lo0) to do recursion.

Did you create an acl named localhost? If so it may not be working due to above (that is it is likely taking localhost as literal host name rather than acl name). If not then it definitely isn't working due to above.

In our DNS servers we create acl:

acl "internaldns" {;; 10.0.17/22;; 
Then in options:
allow-recursion { internaldns; };
We have no "recursion" statement. By doing above it allows the hosts at IP or IP range specified in the acl, internaldns, to do recursive lookups but forbids all others (e.g. outside users).

In the individual zone specifications we include:
allow-query { any; };
That ensures anyone inside or outside our network can query the zones for which we're authoritative. Users outside of the acl can query our zones but they can't use us to look up things like but users inside the acl can look up to their hearts' content.
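
Added example, not part of either post: a small named.conf check for the combination discussed in this thread, where `recursion no;` switches recursion off for every client so an `allow-recursion` list next to it never applies. The function names, messages and both sample configs are constructed for illustration; `localhost` in the first sample and the 192.0.2.0/24 range are assumptions, since the thread's own values are not shown.

```python
import re

def block_body(text, keyword):
    """Return the brace-balanced body of the first `keyword { ... }`, or None."""
    m = re.search(r"(?<![-\w])" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def check_recursion(conf):
    """Return findings about the recursion settings in the options block."""
    # Strip /* ... */, // and # comments before parsing.
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    opts = block_body(conf, "options")
    if opts is None:
        return ["no options block found"]
    m = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", opts)
    # BIND treats recursion as enabled when the statement is absent.
    recursion_on = m is None or m.group(1).lower() in ("yes", "true", "1")
    acl = block_body(opts, "allow-recursion")
    elems = [e.strip().strip('"') for e in (acl or "").split(";") if e.strip()]
    if not recursion_on:
        return ["recursion is no, so allow-recursion has no effect"] if acl is not None else []
    if acl is None:
        return ["recursion is on with no allow-recursion: built-in default applies"]
    if "any" in elems:
        return ["open resolver: allow-recursion matches any client"]
    return []

# Constructed samples; neither is the poster's real configuration.
BROKEN = """
options {
    allow-recursion { localhost; };
    recursion no;
};
"""
FIXED = """
acl "internaldns" { 192.0.2.0/24; };
options {
    allow-recursion { internaldns; };
};
zone "example.com" { type master; file "example.com.zone"; allow-query { any; }; };
"""

if __name__ == "__main__":
    print(check_recursion(BROKEN), check_recursion(FIXED))
```
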

