Public DNS - recursion no - Access to the Internet
pascal.mail at plouf.fr.eu.org
Sun Feb 18 12:58:22 UTC 2007
Barry Margolin wrote:
> Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
>>>"You can also configure the resolver to query the host's local nameserver
>>>using either the local host's IP address or the zero address. The zero
>>>address, 0.0.0.0, is interpreted by most TCP/IP implementations to mean
>>This is a wrong use of "this host". According to RFC 1700 and RFC 3330,
>>addresses in 0.0.0.0/8, including 0.0.0.0, may only be used as source
>>addresses, not destination addresses.
> That only refers to using it on the network, it has nothing to do with
> configuration files.
It has to do with both, when an address in a configuration file is meant
to be used on the network. Isn't a nameserver address in resolv.conf
meant to be used on the network?
> The reason it didn't work for him was that he only put 127.0.0.1 in his
> allow-recursion ACL.
No, the reason was that "allow-recursion" was kept to "no".
> But when you use 0.0.0.0 in your named.conf,
0.0.0.0 was not used in named.conf but in resolv.conf.
> doesn't send from/to 127.0.0.1, it sends to one of the machine's real
> NIC addresses,
Do you mean that 0.0.0.0 as a nameserver address in resolv.conf is legal
and means "any local address"?
> and in this case the source address is also that NIC address.
IMHO it depends on the default source address selected by the IP stack.
Is there any requirement in RFCs saying that the default source address
must be identical to the destination address?