bind9 config - security
Kevin Darcy
kcd at daimlerchrysler.com
Tue Jan 24 22:49:11 UTC 2006
DC wrote:
>Having trouble with config issue.
>
>Running bind 9.2.3
>
>This is the authoritative nameserver for my domain.
>
>Problem: I can resolve names for any domain from any network.
>
>I should only be able to resolve for the domain that I am authoritative for.
>
>I tried recursion no;
>
>but then I can't resolve the domain I am authoritative for either..
>
That makes no sense. If you're sending a query packet directly to an
authoritative nameserver for a zone, then recursion no/yes shouldn't
make any difference to the result, since no recursion is necessary to
resolve the name. Something else has got to be going on. Either the
packet isn't going where you think it's going, the nameserver is _not_
actually authoritative after all, or maybe it *is* authoritative, just
not in the "view" your query happens to be selecting (if you use "view"s
at all, that is).
Post your config. If this is a publicly accessible domain, post the
real domain name so we can take a look at it. Sometimes a few
well-placed queries over the Internet can save hours or days of email
back-and-forth on this list...
- Kevin
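
One way to check the three possibilities raised in the reply above is to send a non-recursive query straight to the server and read the flags in the response header. This is an added example, not part of the original post; the function names `build_query`, `classify` and `ask` are illustrative, and the sample headers are constructed rather than captured.

```python
import socket
import struct
# Helper names are illustrative; they come from neither the post nor BIND.
# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, rd=False, txid=0x1234):
    """Build a query packet; rd=False asks the server not to recurse."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(response):
    """Report what the 12-byte header says about how the server answered."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a response packet")
    rcode = flags & 0x000F
    if rcode == 5:
        verdict = "refused"                    # server declined this query
    elif flags & AA:
        verdict = "authoritative"              # answered from its own zone data
    elif ancount == 0 and nscount > 0:
        verdict = "referral"                   # pointed elsewhere, did not recurse
    elif ancount > 0:
        verdict = "non-authoritative answer"   # came from cache or recursion
    else:
        verdict = "empty"
    return {"aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": RCODES.get(rcode, str(rcode)), "verdict": verdict}

def ask(server, name, timeout=3.0):
    """Send a non-recursive A query straight to `server` over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed sample headers (id, flags, qd, an, ns, ar), not captured traffic.
SAMPLES = {
    "own zone": struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 2, 0),
    "other zone, referral": struct.pack("!HHHHHH", 0x1234, QR, 1, 0, 13, 0),
    "other zone, recursed": struct.pack("!HHHHHH", 0x1234, QR | RA, 1, 1, 0, 0),
    "refused": struct.pack("!HHHHHH", 0x1234, QR | 5, 1, 0, 0, 0),
}
```

A response for the server's own zone that lacks the AA flag means the server is not answering authoritatively for that query, whatever the `recursion` setting is.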