allow-recursion and acls
    Jim Mozley 
    jim.mozley at exponential-e.com
       
    Wed Jan 12 11:23:58 UTC 2005
    
    
  
I have a problem with implementing an ACL that restricts recursive
queries. If I allow recursive queries from any networks all is OK; if I
try to restrict it to certain networks I can see in the logs that
recursion is refused for queries from legitimate IP addresses.

    12-Jan-2005 10:54:33.238 security: notice: denied recursion for query from [62.244.x.x].12422 for www.ishop.co.uk IN

Can anyone see anything wrong with the configuration below?

I am running BIND 8.4.4.

This is OK:

    acl our-nets { any; };
    allow-recursion { our-nets; };

This seems to cause the problems:

    acl our-nets {
            localhost;
            62.244.160.0/19;
            83.244.128.0/17;
    };
    allow-recursion { our-nets; };

I have the ACLs in an include file, which is included at the beginning
of named.conf before the options directive.

Jim
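
One way to triage "denied recursion" entries like the one quoted above, added here as an example and not part of the original post: this Python script extracts each refused client address from the log and reports which element of the posted our-nets ACL, if any, covers it. The function names, the SERVER_ADDRS list and the source addresses in the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# ACL elements as posted in the message above.
OUR_NETS = ["localhost", "62.244.160.0/19", "83.244.128.0/17"]
# Constructed: addresses bound to the name server's own interfaces. BIND's
# built-in "localhost" ACL matches these, not only 127.0.0.1.
SERVER_ADDRS = ["127.0.0.1", "192.0.2.53"]
# Constructed log lines in the format quoted in the post (addresses are made up).
SAMPLE_LOG = """\
12-Jan-2005 10:54:33.238 security: notice: denied recursion for query from [62.244.170.9].12422 for www.example.com IN
12-Jan-2005 10:54:40.101 security: notice: denied recursion for query from [62.244.200.17].3301 for www.example.com IN
12-Jan-2005 10:55:02.554 security: notice: denied recursion for query from [198.51.100.7].5353 for www.example.com IN
"""
DENIED = re.compile(r"denied recursion for query from \[([0-9A-Fa-f.:]+)\]\.\d+")

def expand_acl(elements, server_addrs):
    """Turn ACL elements into network objects; 'localhost' becomes host routes."""
    nets = []
    for element in elements:
        if element == "localhost":
            nets.extend(ipaddress.ip_network(a) for a in server_addrs)
        else:
            # strict=True raises ValueError when the prefix has host bits set,
            # which catches a network written with the wrong base address.
            nets.append(ipaddress.ip_network(element, strict=True))
    return nets

def matching_net(addr, nets):
    """Return the first network containing addr, or None if none does."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip.version == net.version and ip in net:
            return net
    return None

def triage(log_text, elements=OUR_NETS, server_addrs=SERVER_ADDRS):
    """List (client address, covering ACL element or None) per denied query."""
    nets = expand_acl(elements, server_addrs)
    results = []
    for match in DENIED.finditer(log_text):
        net = matching_net(match.group(1), nets)
        results.append((match.group(1), str(net) if net else None))
    return results

if __name__ == "__main__":
    for addr, net in triage(SAMPLE_LOG):
        print(f"{addr:<16} {'covered by ' + net if net else 'not covered by our-nets'}")
```

A refused address reported as covered suggests the running server is evaluating a different ACL than the one in the file; an address reported as not covered is being refused as the ACL is written.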
    
    