LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-04-2009, 01:44 PM   #1
helpmhost
Member
 
Registered: Oct 2006
Posts: 43

Rep: Reputation: 15
Bind allow-recursion seems to be ignored


Hi,

Our 2 DNS servers are not allowing me to do recursive queries locally on the server. They used to, and today they don't anymore. As far as I know, nobody has changed the config.

options {
allow-recursion {
localhost;
};
recursion no;
};

This is part of our config (that relates to recursion).

When I do a dig locally, it just lists the root servers with status: NOERROR and ANSWER: 0

If I change recursion yes; then it works.

Any ideas why this isn't working?

Thanks.
 
Old 06-04-2009, 02:11 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,043
Blog Entries: 14

Rep: Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212Reputation: 1212
Why are you setting both allow-recursion and recursion no?

Also localhost is a name for 127.0.0.1 which means it would only allow queries from that interface (lo0) to do recursion.

Did you create an acl named localhost? If so it may not be working due to above (that is it is likely taking localhost as literal host name rather than acl name). If not then it definitely isn't working due to above.

In our DNS servers we create acl:

Code:
acl "internaldns" {
        10.0.9.60; 10.0.9.59; 10.0.17/22; 127.0.0.1; 
};
Then in options:
Code:
allow-recursion { internaldns; };
We have no "recursion" statement. By doing above it allows the hosts at IP or IP range specified in the acl, internaldns, to do recursive lookups but forbids all others (e.g. outside users).

In the individual zone specifications we include:
Code:
allow-query { any; };
That insures anyone inside or outside our network can query the zones for which we're authoritative. Users outside of the acl can query our zones but they can't use us to lookup things like Google.com but users inside the acl can lookup Google.com to their hearts' content.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
bind dns recursion, is this supposed to do that? sir-lancealot Linux - Server 1 08-30-2007 08:26 PM
BIND 9.3.3 split dns recursion disallow twantrd Linux - Software 2 12-15-2006 07:12 PM
Problems with BIND-9.2.3 - No Recursion ScooterB Linux - Server 4 11-25-2006 12:10 PM
Recursion in C hubabuba Programming 12 10-03-2005 08:46 AM
tar: '--no-recursion' option doesn't prevent recursion Earl Parker II Slackware 12 08-17-2004 03:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration