"recursion available: denied" message even for non-recursive queries?

Barry Margolin barmar at genuity.net
Wed Apr 3 22:42:14 UTC 2002


In article <a8g06q$f0 at pub3.rc.vix.com>,  <gschmid at notes.cc.sunysb.edu> wrote:
>
>I'm running 9.2.0 on a Tru64/DEC UNIX box.
>
>In my named.conf file I have an
>      allow-recursion { acl_list; };
>statement.
>
>Everything seems to be working as expected.
>Hosts on the acl list get answers to all queries.
>Hosts not on the acl list do not get answers to
>recursive queries.
>
>The question that I have is with the logging of the
>security category messages when my name server
>is queried from hosts not on the acl list.
>
>I get the following log message:
>
>recursion available: denied
>
>when hosts who are not on the acl list make
>recursive *and* non-recursive queries.  I would
>have expected that message only when hosts
>not on the acl list make recursive queries.
>Why do I also get the message when hosts not
>on the acl list make non-recursive queries
>(and get answers to those non-rec. queries)?

It sounds like it's just logging the fact that it's not setting the
Recursion Available bit in the response.

Or maybe these queries are triggering the fetch-glue logic, but this extra
query is denied because it would be a recursive query.  What happens if you
put "fetch-glue no;" in the options?

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list