Bind Trouble

Ronan Flood ronan at noc.ulcc.ac.uk
Mon Apr 5 09:50:43 UTC 2004


On Sat, 03 Apr 2004 13:40:42 -0500, brianc at dlois.com wrote:

> I'm running the most recent version in the 8.x series and I'm
> told that from the outside I have timeout issues. Internally
> I don't see it. I'm also told that I should have recursive
> shutoff but when I comment that line out it still answers.
> I show no errors in the log so I'm not sure where to look.

> ns1.dlois.com
> ns2.dlois.com 

I can query both of those servers, and they both accept recursive
queries for external data, which they shouldn't; or, if they're also
acting as your own caching servers, they should only accept recursive
queries from your own IP addresses (and your firewall/access-list
should block incoming packets with your local addresses as source).

When you say "comment that line out" what do you mean?  Bind accepts
recursive queries by default, so if you want it not to, you have to
set that in the "options" section of named.conf:

  recursion no;

or restrict it, e.g.

  allow-recursion { 127.0.0.1; 216.220.225.96/27; };

as appropriate for your setup.

-- 
                      Ronan Flood <R.Flood at noc.ulcc.ac.uk>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)
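
Added example, not part of the original message: a small Python check for confirming, from an address outside your network, whether your own name server still offers recursion after named.conf has been changed. The function names, verdict strings and sample reply headers are assumptions made for this illustration, and the classification is a heuristic based only on the reply header (RA flag, RCODE, record counts).

```python
import socket
import struct

QR, RA, RCODE_MASK, REFUSED = 0x8000, 0x0080, 0x000F, 5

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp, qid=0x1234):
    """Heuristic verdict from the 12-byte header of a reply to build_query()."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & RCODE_MASK
    if rcode == REFUSED:
        return "refused"
    if flags & RA and rcode == 0 and an > 0:
        return "open-recursion"   # answered a name it is not authoritative for
    if not flags & RA and an == 0 and ns > 0:
        return "referral-only"    # referral returned, recursion not offered
    return "inconclusive"

def probe(server, external_name, timeout=3.0):
    """Query your own server over UDP for a name it is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(external_name), (server, 53))
        try:
            return classify_response(s.recv(4096))
        except socket.timeout:
            return "timeout"

# Constructed sample reply headers (record sections omitted), not captured traffic.
SAMPLES = {
    "recursion_on": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "recursion_off": struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0),
    "refused": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_response(raw))
```

A verdict of "open-recursion" from an outside address after the edit means the running server is still using the old setting, for example because the option was placed outside the "options" section or the configuration was not reloaded.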

