what is the localnet with netmask 255.255.255.255?

Rolf Haynberg rolf.haynberg at 1und1.de
Thu Jun 20 12:57:28 UTC 2013


Hi Bind-Users and Devs,

We are running servers which have an IP netmask of 255.255.255.255 and on which we had configured BIND to "allow-recursion { localnets; };". In this setting I would expect that only requests from the localhost allow recursion, as there is no localnet. However, BIND allows recursion globally here, and we were running open resolvers.

Could this be a bug or is this the wanted behavior?

As background to my question: every Parallels Plesk installation brings a BIND with the default config set to "allow-recursion { localnets; };". I would humbly assume that the above-described behavior could be the reason for at least some open resolvers in the wild.

I'm happy to read your comments,
Rolf


In article <Pine.NEB.3.96.1000408121723.56992A-100000 at shell-1.enteract.com>,
Lance Spitzner  <lspitz at enteract.com> wrote:
>I am attempting to limit recursive requests
>to my internal network only.  However,
>
> allow-recursion { localnets; };
>
> Doesn't seem to be doing the trick.  What
> is the proper way of limiting recursive lookups
> to a specific system/network?

That's the way to do it.  What seems to be going wrong?

--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.