"recursion available: denied" message even for non-recursive queries?

gschmid at notes.cc.sunysb.edu gschmid at notes.cc.sunysb.edu
Wed Apr 3 23:02:32 UTC 2002


> In article <a8g06q$f0 at pub3.rc.vix.com>,
> <gschmid at notes.cc.sunysb.edu> wrote:
> >
> >I'm running 9.2.0 on a Tru64/DEC UNIX box.
> >
> >In my named.conf file I have an
> >      allow-recursion { acl_list; };
> >statement.
> >
> >Everything seems to be working as expected.
> >Hosts on the acl list get answers to all queries.
> >Hosts not on the acl list do not get answers to
> >recursive queries.
> >
> >The question that I have is with the logging of the
> >security category messages when my name server
> >is queried from hosts not on the acl list.
> >
> >I get the following log message:
> >
> >recursion available: denied
> >
> >when hosts who are not on the acl list make
> >recursive *and* non-recursive queries.  I would
> >have expected that message only when hosts
> >not on the acl list make recursive queries.
> >Why do I also get the message when hosts not
> >on the acl list make non-recursive queries
> >(and get answers to those non-rec. queries)?
>
> It sounds like it's just logging the fact that it's not setting the
> Recursion Available bit in the response.
>
> Or maybe these queries are triggering the fetch-glue logic,
> but this extra query is denied because it would be a
> recursive query.  What happens if you put "fetch-glue no;"
> in the options?

I get the same results along with a:

"option 'fetch-glue' is obsolete"

log message when named starts.  I checked the ARM
and it says that BIND 9 never does a fetch-glue anyway.
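
The quoted reply suggests the log line reflects the Recursion Available (RA) bit not being set in the response. As an added example (not part of the original thread, and not BIND code), this Python sketch decodes the RFC 1035 header flags of a query/response pair so the client's RD bit can be compared with the server's RA bit; the sample headers, including the REFUSED rcode, are constructed for illustration, not captured from the poster's server.

```python
import struct

# Masks for the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
QR = 0x8000  # 1 = message is a response
AA = 0x0400  # authoritative answer
RD = 0x0100  # recursion desired: set by the client, copied into the response
RA = 0x0080  # recursion available: set (or left clear) by the server only
REFUSED = 5  # rcode value

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & QR),
        "aa": bool(flags & AA),
        "rd": bool(flags & RD),
        "ra": bool(flags & RA),
        "rcode": flags & 0x000F,
        "ancount": an,
    }

def describe(query: bytes, response: bytes) -> str:
    """Summarise what the client asked for and what the server offered."""
    q, r = parse_header(query), parse_header(response)
    if q["qr"] or not r["qr"] or q["id"] != r["id"]:
        raise ValueError("not a matching query/response pair")
    asked = "recursive" if q["rd"] else "non-recursive"
    offered = "RA set" if r["ra"] else "RA clear"
    answered = "answered" if r["rcode"] == 0 and r["ancount"] else "no answer"
    return f"{asked} query, {offered}, {answered}"

def header(ident: int, flags: int, an: int = 0) -> bytes:
    """Build a header-only sample message with one question."""
    return struct.pack("!6H", ident, flags, 1, an, 0, 0)

# Constructed samples: a client outside the ACL sends RD=0, then RD=1.
NONREC_QUERY = header(0x1A2B, 0)
NONREC_RESP = header(0x1A2B, QR | AA, an=1)    # answered, RA clear
REC_QUERY = header(0x3C4D, RD)
REC_RESP = header(0x3C4D, QR | RD | REFUSED)   # assumed rcode, RA clear

if __name__ == "__main__":
    print(describe(NONREC_QUERY, NONREC_RESP))
    print(describe(REC_QUERY, REC_RESP))
```

In both constructed pairs RA is clear regardless of whether the client set RD, because the two bits are independent fields in the header.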


