BIND Security question

Barry Margolin barmar at
Tue Mar 7 17:46:31 UTC 2000

In article <002901bf884f$502a0bf0$1600a8c0 at bambam>,
Robert Everland III <reverland at> wrote:
>OK, sorry, let me clear up my problem more. I use 4.9.7 because 8.2.2 p5 for
>NT has a bug. It takes the lowest IP on the machine and will only use that
>one IP, no others, no matter what you do. Now what my ISP keeps telling me is
>because they are querying my DNS server for domains not on my server and
>getting a list of root servers is because I have misconfigured my DNS. What
>I tell them is the security I have makes it so they can't query any domain
>names NOT on my server. When they query a domain on my server it gives them
>an answer but not if they want to randomly check a domain name. So my domain
>server NS1.ORLANDO.COM is the DNS server and a domain on there
> is on there so you can check that you can get a domain on
>there but can't check domains not on there. Thanks for any help you guys can

Your ISP is being idiots.  If your server is not intended to be used as a
resolver, there's no reason why anyone would need to query your server to
look up things outside the domains you're hosting.

I wonder how you configured this security, though.  I don't think BIND 4
had anything like this.  With BIND 8 you would use the allow-query or
allow-recursion options, but the resulting behavior would be different (the
response wouldn't contain the root server list).

Barry Margolin, barmar at
GTE Internetworking, Powered by BBN, Burlington, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
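
Added example (not part of the original post or of BIND): a small Python check that tells apart the three outcomes discussed in this thread when a server is asked about a name: an authoritative answer, a referral to the root servers (the "list of root servers" the ISP reports), and REFUSED, the response code a server sends when it declines a query by policy. The function names, the sample messages and the example.com / example.net names are assumptions made for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            off += 1
            break
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) + ".", (off if end is None else end)

def classify(msg):
    """Label a DNS response: answer, root referral, refused, or other."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", msg[:12])
    rcode, aa, off, ns_owners = flags & 0xF, bool(flags & 0x0400), 12, []
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4
    for i in range(an + ns):                      # answer, then authority
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 2:                # NS record in authority
            ns_owners.append(owner)
    if rcode == 5:
        return "refused"
    if rcode == 0 and an and aa:
        return "authoritative-answer"
    return "root-referral" if rcode == 0 and not an and "." in ns_owners else "other"

def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".") if l) + b"\0"

def build(flags, qname, answers=(), authority=()):
    rr = lambda o, t, rd: name(o) + struct.pack("!HHIH", t, 1, 3600, len(rd)) + rd
    body = name(qname) + struct.pack("!HH", 1, 1) + b"".join(rr(*r) for r in [*answers, *authority])
    return struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0) + body

# Constructed sample responses; names and addresses are placeholders.
HOSTED = build(0x8400, "www.example.com", [("www.example.com", 1, bytes([192, 0, 2, 1]))])
REFERRAL = build(0x8000, "www.example.net", authority=[(".", 2, name("a.root-servers.net"))])
REFUSED = build(0x8005, "www.example.net")
```

`classify()` takes the raw bytes of a UDP DNS response, so it can be fed captured replies as well as the constructed samples.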
