Why did this occur when turning off recursion

Martin McCormick martin at dc.cis.okstate.edu
Tue May 22 17:05:38 UTC 2001


"King, John (Greg) (OAO-HOU)" writes:
>Restarted BIND and my entire home network could not resolve anything. I
>thought the server would respond back with the root server list telling my
>system where it needed to go to find its information (and not use my dns
>server to do the lookup). Instead nothing resolved at all. Took the entries
>out and everything worked again.

	I feel better now.  I guess I am not the only person who
thought that.

	If you set up an access control list at the top of your
named.conf file like


options {
	directory "/var/named";
	// Default query ACL: used wherever a zone does not set its own allow-query
	allow-query {
		180.28.0.0/16;
		127.0.0.1;
		194.207.205.0/24;
		192.153.5.0/24;
		192.153.6.0/24;
		192.153.7.0/24;
		193.71.89.0/24;
	};
};

	Then you put 

        allow-query { any; };

	in each of your authoritative zones including the reverse
zones.  So far, it appears to work properly for any traffic from
inside any of the listed networks.  If you are outside trying to
use the dns, you get successful lookups for the authoritative
zones, but any attempts to look up hosts that you are not
authoritative for are refused.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Center for Computing and Information Services Data Communications Group
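
The access decision described in the message above, modelled as an added example that is not part of the original post and not BIND code. The networks are the ones in the posted options block; the zone names and client addresses are constructed, and the model covers only the allow-query behaviour the post reports.

```python
import ipaddress

# Options-level allow-query list, copied from the posted named.conf.
GLOBAL_ALLOW = [ipaddress.ip_network(n) for n in (
    "180.28.0.0/16", "127.0.0.1/32", "194.207.205.0/24",
    "192.153.5.0/24", "192.153.6.0/24", "192.153.7.0/24",
    "193.71.89.0/24",
)]

# Equivalent of "allow-query { any; };" for IPv4 clients.
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# Constructed authoritative zones (assumed names), forward and reverse,
# each carrying its own "allow-query { any; };".
ZONES = {
    "example.edu.": ANY,
    "28.180.in-addr.arpa.": ANY,
}


def find_zone(qname):
    """Return the most specific configured zone enclosing qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in ZONES:
            return candidate
    return None


def decide(client_ip, qname):
    """Return (verdict, zone): a zone-level ACL overrides the options ACL."""
    addr = ipaddress.ip_address(client_ip)
    zone = find_zone(qname)
    acl = ZONES[zone] if zone is not None else GLOBAL_ALLOW
    verdict = "answer" if any(addr in net for net in acl) else "refused"
    return verdict, zone


if __name__ == "__main__":
    # Constructed clients: 203.0.113.9 is outside, 180.28.4.7 is inside.
    for ip in ("203.0.113.9", "180.28.4.7"):
        for name in ("www.example.edu", "4.3.28.180.in-addr.arpa",
                     "www.example.com"):
            print(ip, name, decide(ip, name))
```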

