Recursion no
Mark Andrews
Mark_Andrews at isc.org
Thu Nov 16 22:01:29 UTC 2006
> Do you know how you would go about locking down your advertisitng DNS
> Servers by turning recursion off but still allowing some CNAME's to
> resolve to other external non authorative.
You just turn recursion off. Iterative resolvers know how
to handle the answers and follow the CNAMEs themselves.
> For example you are advertising the domain
>
> hello.com
>
> In the zone file it contains
>
> Test IN A 142.142.14.2
> More IN A 142.142.14.3
> Again IN A 142.142.14.4
> Out IN CNAME somexternal.domain.com.
> Nice IN A 142.146.144.5
> Outside IN CNAME yahooos.yahoo.com.
>
> The hostname outside.hello.com. Will not resolve as my servers is non
> recursive, also out.hello.com. Will also not resolve. How would I be
> able to work around this situation in order to protect my dns server
> from performing recursive lookups to the rest of the world.
>
> Thanks
> Nick
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list