controlling recursion

Mark Andrews Mark_Andrews at isc.org
Fri Nov 18 00:15:31 UTC 2005


> I have three name servers;
> 
> 203.98.224.66
> BIND 9.2.1 [MASTER]
> Linux Mandrake 8.0
> 
> 203.98.225.9
> BIND 9.3.1 [Slave]
> NT 4.0 SP6a
> 
> 203.98.225.10
> BIND 9.3.0 [Slave]
> Linux Mandrake 10.0
> 
> with;
> 
> allow-recursion {
>                  203.98.224.0/23;
>                  localhost;
>                  };
> 
> inside their respective 'named.conf'.  They are standard configurations 
>   with no views etc..
> 
> My problem is the master is allowing recursion from outside our networks 
> stipulated but the slaves are not.

	Really?  "ra" is not set in flags.  If it allowed recursion
	ra would be set.  If you want to disable access to the cache
	use allow-query not allow-recursion.

	Mark

% dig ns . @203.98.224.66

; <<>> DiG 8.3 <<>> ns . @203.98.224.66 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16885
;; flags: qr rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      ., type = NS, class = IN

;; ANSWER SECTION:
.                       2d21h50m19s IN NS  B.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  C.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  D.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  E.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  F.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  G.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  H.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  I.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  J.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  K.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  L.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  M.ROOT-SERVERS.NET.
.                       2d21h50m19s IN NS  A.ROOT-SERVERS.NET.

;; Total query time: 2447 msec
;; FROM: drugs.dv.isc.org to SERVER: 203.98.224.66
;; WHEN: Fri Nov 18 11:13:02 2005
;; MSG SIZE  sent: 17  rcvd: 228

% 

> I am currently not in a position to upgrade the Master's BIND version to 
> the latest.
> 
> I'd appreciate any pointers as to what I am doing incorrectly - to stop 
> unwanted recursion -  and will supply the full details / configurations 
> off list if needed.
> 
> Thanks,
> 
> Jon
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
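
Added example, not part of the original thread: a Python sketch of the check the reply relies on, decoding the 12-byte DNS header and testing the `ra` bit. The function names and result labels are hypothetical. The first sample header is built from the id, flags and counts in the dig output above; the other two are constructed for comparison.

```python
import struct

# Bit masks within the 16-bit flags field of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode id, flag names, rcode and answer count from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS.items() if flags & bit],
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def classify(msg: bytes) -> str:
    """Label a response by what it says about recursion and cache access."""
    h = parse_header(msg)
    if "qr" not in h["flags"]:
        raise ValueError("message is a query, not a response")
    if "ra" in h["flags"]:
        # Server advertises recursion to this client: review allow-recursion.
        return "recursion-offered"
    if h["rcode"] == "NOERROR" and h["answers"] > 0 and "aa" not in h["flags"]:
        # Answers returned without ra or aa: data the server already held is
        # readable by this client, the case the reply says allow-query controls.
        return "cache-readable"
    return "no-recursion"

# Header matching the dig output above: id 16885, flags "qr rd", 13 answers.
MASTER = struct.pack("!6H", 16885, 0x8100, 1, 13, 0, 0)
# Constructed: same query answered with ra set.
OPEN = struct.pack("!6H", 16885, 0x8180, 1, 13, 0, 0)
# Constructed: query refused outright (rcode 5), no answers.
REFUSED = struct.pack("!6H", 16885, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, msg in (("master", MASTER), ("open", OPEN), ("refused", REFUSED)):
        print(label, parse_header(msg)["flags"], classify(msg))
```
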


