Public DNS - recursion no - Access to the Internet

Barry Margolin barmar at
Sun Feb 18 03:07:20 UTC 2007

In article <er72t1$1dht$1 at>,
 Pascal Hambourg <pascal.mail at> wrote:

> Hello,
> Jarek Buczynski a ecrit :
> > 
> >>You don't need "nameserver" in your resolv.conf as that will just
> >>confuse things because it's not a valid IP address.  Leave it as
> >>"nameserver"
> > 
> > I use because I read about it in "DNS and BIND, 5th Edition 
> > By Paul Albitz, Cricket Liu "
> > 
> > Quote:
> > "You can also configure the resolver to query the host's local nameserver
> > using either the local host's IP address or the zero address. The zero
> > address,, is interpreted by most TCP/IP implementations to mean
> > "this host."
> This is a wrong use of "this host". According to RFC 1700 and RFC 3330, 
> addresses in, including, may only be used as source 
> addresses, not destination addresses.

That only refers to using it on the network, it has nothing to do with 
configuration files.

The reason it didn't work for him was that he only put in his 
allow-recursion ACL.  But when you use in your named.conf, it 
doesn't send from/to, it sends to one of the machine's real 
NIC addresses, and in this case the source address is also that NIC 
address.  Since this doesn't match the ACL, recursion is denied.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list