Old 08-30-2007, 03:11 PM   #1
Registered: Aug 2007
Posts: 346

Rep: Reputation: 31
bind dns recursion, is this supposed to do that?

Hey all .... setting up 2 bind servers to replace some older ones, these we wish to allow recursion only to our local boxes. That is set up and seems to be working well, but here is the question (it might be a flag, setting or just something I am missing).

Options look as follows:

directory "/var/named";
zone-statistics yes;

notify no;
transfer-format many-answers;
max-transfer-time-in 60;
allow-recursion { ip_range/26; };

If I restart named on the box, go to a machine off (ip_range) and do a dig @newserver, it gives me the list of root servers, and that will happen over and over. If I query that box with a machine on that ip_range network, dig @newserver, I get the reply with the answers. If I jump back to the off-network machine and query it again for yahoo, I get the answers this time (as opposed to the root servers).

Is there a way not to allow others to get responses for servers he is not authoritative for?
Old 08-30-2007, 07:26 PM   #2
Senior Member
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
There is, but it is only on the very newest of newest versions of BIND, from 9.4.0 and on. Starting in 9.4.0, you can add "allow-query-cache" to the options, and specify the same /26 network. Now when something off the /26 asks for something in the cache, it will still be denied and pointed to the roots.

The behavior you saw is exactly what is supposed to happen.
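
A way to check the behaviour discussed in this thread from a host outside the allowed range, as an added example that is not part of the original posts: it classifies saved `dig` output as a root referral, a refusal, an authoritative answer or a non-authoritative (cache) answer. The sample responses are constructed, and counting REFUSED as "not leaking" is an assumption of this example; the thread itself only mentions the root referral.

```python
import re

STATUS = re.compile(r"status: (\w+)")
COUNTS = re.compile(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+), AUTHORITY: (\d+)")
ROOT_NS = re.compile(r"^\.\s+\d+\s+IN\s+NS\s", re.M)

def classify(dig_output):
    """Classify one saved dig response by its header and authority section."""
    status, counts = STATUS.search(dig_output), COUNTS.search(dig_output)
    if not status or not counts:
        return "unparsed"
    flags = counts.group(1).split()
    answers, authority = int(counts.group(2)), int(counts.group(3))
    if status.group(1) == "REFUSED":
        return "refused"
    if answers > 0:
        # aa set: the server owns the zone; aa clear: non-authoritative data
        return "authoritative" if "aa" in flags else "cache-answer"
    if authority > 0 and ROOT_NS.search(dig_output):
        return "root-referral"
    return "other"

def leaks_cache(dig_output):
    """True if a client outside the allowed range was served non-authoritative data."""
    return classify(dig_output) == "cache-answer"

# Constructed sample responses (not captured from a real server).
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; AUTHORITY SECTION:
.   3600000 IN NS a.root-servers.net.
.   3600000 IN NS b.root-servers.net.
"""
CACHED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
example.com.   240 IN A 192.0.2.10
"""
REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

if __name__ == "__main__":
    for name, text in (("referral", REFERRAL), ("cached", CACHED), ("refused", REFUSED)):
        print(name, classify(text), "LEAK" if leaks_cache(text) else "ok")
```
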


