"recursion available: denied" message even for non-recursive queries?
Barry Margolin
barmar at genuity.net
Wed Apr 3 22:42:14 UTC 2002
In article <a8g06q$f0 at pub3.rc.vix.com>, <gschmid at notes.cc.sunysb.edu> wrote:
>
>I'm running 9.2.0 on a Tru64/DEC UNIX box.
>
>In my named.conf file I have an
> allow-recursion { acl_list; };
>statement.
>
>Everything seems to be working as expected.
>Hosts on the acl list get answers to all queries.
>Hosts not on the acl list do not get answers to
>recursive queries.
>
>The question that I have is with the logging of the
>security category messages when my name server
>is queried from hosts not on the acl list.
>
>I get the following log message:
>
>recursion available: denied
>
>when hosts who are not on the acl list make
>recursive *and* non-recursive queries. I would
>have expected that message only when hosts
>not on the acl list make recursive queries.
>Why do I also get the message when hosts not
>on the acl list make non-recursive queries
>(and get answers to those non-rec. queries)?
It sounds like it's just logging the fact that it's not setting the
Recursion Available bit in the response.
Or maybe these queries are triggering the fetch-glue logic, but this extra
query is denied because it would be a recursive query. What happens if you
put "fetch-glue no;" in the options?
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list