"recursion available: denied" message even for non-recursive queries?

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 3 23:12:54 UTC 2002


gschmid at notes.cc.sunysb.edu wrote:

> I'm running 9.2.0 on a Tru64/DEC UNIX box.
>
> In my named.conf file I have an
>       allow-recursion { acl_list; };
> statement.
>
> Everything seems to be working as expected.
> Hosts on the acl list get answers to all queries.
> Hosts not on the acl list do not get answers to
> recursive queries.
>
> The question that I have is with the logging of the
> security category messages when my name server
> is queried from hosts not on the acl list.
>
> I get the following log message:
>
> recursion available: denied
>
> when hosts who are not on the acl list make
> recursive *and* non-recursive queries.  I would
> have expected that message only when hosts
> not on the acl list make recursive queries.
> Why do I also get the message when hosts not
> on the acl list make non-recursive queries
> (and get answers to those non-rec. queries)?

I'd consider it a logging bug. Even if the message is intended to be
purely informational, it shouldn't use the term "denied" in this
situation, nor should it log to the "security" category.


- Kevin




